Ok, finally got the certificate installed properly and can proxy some https sites (gmail, google) but I get an error when going to a bank website..... NET::ERR_CERT_COMMON_NAME_INVALID when I created the certificate, I purposefully left the common name blank as per several articles on ssl_bump. So I'm assuming it's complaining about the CN generated by squid/ssl_bump?
On Mon, Oct 13, 2014 at 9:22 AM, Robert Watson <rob...@gillecaluim.com> wrote: > Ok, finally got the certificate installed properly and can proxy some > https sites (gmail, google) but I get an error when going to a bank > website..... > NET::ERR_CERT_COMMON_NAME_INVALID > when I created the certificate, I purposefully left the common name blank > as per several articles on ssl_bump. So I'm assuming it's complaining > about the CN generated by squid/ssl_bump? > > > > On Mon, Oct 6, 2014 at 12:39 AM, Amos Jeffries <squ...@treenet.co.nz> > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 6/10/2014 4:24 p.m., Robert Watson wrote: >> > still trying to get this working. To eliminate the self signed >> > certificate issue, I got a official signed certificate from >> > Starfield Tech. LLC. They've sent two certifcates but I'm unsure >> > how to use these certificates since the ssl_bump parameters only >> > have one certificate as a parameter >> >> The CA is very unlikely to be issuing you certificates capable of use >> in Squid in the way intended. It is illegal for a trusted root CA to >> do so in the country they are registered. Besides that it is downright >> foolish for them to give up their trust reputation. Look at what >> happened to DigiNotar. >> >> The point of self-signed is that _your Squid_ is the root CA signer. >> >> The ssl-bump feature in current Squid makes parameter cert= take the >> self-signed CA certificate in PEM format. Squid generates the rest of >> the certificte chain as necessary. >> >> > >> > On Sun, Oct 5, 2014 at 8:52 AM, Eliezer Croitoru wrote: >> > >> > On 10/05/2014 01:22 PM, Amos Jeffries wrote: >> >>>> MSIE 11 seems to be growing in popularity for some reason >> >>>> ;-) >> >>>> >> >>>> Amos >> > >> > And Still there is: >> > http://bugs.squid-cache.org/show_bug.cgi?id=4115 >> > >> > For now I am using ssl_crtd of 3.4.5 for google ssl bump to work. >> > >> > Eliezer >> >> Amos >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v2.0.22 (MingW32) >> >> iQEcBAEBAgAGBQJUMkdGAAoJELJo5wb/XPRjygMH/Rk0EYwCgluL1YCWNa8cTZHN >> RkPNY1fTbe7U0ioB7J69KTJ07XH8sy0w9bChB5s/siodi3WD8ogZ3VdtEYxcqjf1 >> 9yhb771Il3IiVaAiuF62FHWTEHjwHwTcBVR7/cDxigPW2VuSyyhZsdA8ayl1ZUXO >> jW44IH5g0Sja7KVJAfS67AANG4Sp4vMh1rGdXpbP8Bq8QGposL3viGh51z3k6/OP >> Dok8oVIsIluICLc8sLAKJbJwaBYSh0SLBrnNUv0Yl6+MtAFNfViXJGa3OfRG5ucQ >> aTS9Be4vzJthVdV1+tTtqubCvjrYB7PqQcfL9VzA4UlvQovgPDAnVMO074Kyjug= >> =k3K8 >> -----END PGP SIGNATURE----- >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
