[squid-users] SSL3_GET_SERVER_CERTIFICATE failed

G~D~Lunatic Wed, 06 Dec 2017 23:47:35 -0800

my squid is a transparent proxy. 
the cache.log shows that 
2017/12/07 15:42:53 kid1| Error negotiating SSL connection on FD 175: Closed by 
client
2017/12/07 15:42:54 kid1| Error negotiating SSL on FD 95: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
2017/12/07 15:42:55 kid1| Error negotiating SSL connection on FD 124: Closed by 
client
2017/12/07 15:42:56 kid1| Error negotiating SSL on FD 52: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)



what's the problem?? thank you
 


Here is my configure

https_port 192.168.51.200:3129 intercept ssl-bump connection-auth=off 
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB 
cert=/usr/local/squid/ssl_cert/myCA.pem key=/usr/local/squid/ssl_cert/myCA.pem 
options=NO_SSLv3,NO_SSLv2


acl broken_sites ssl::server_name matchweb.sports.qq.com
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump splice broken_sites
#ssl_bump splice all
ssl_bump stare ssl_step1
ssl_bump bump ssl_step2
ssl_bump terminate ssl_step3

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] SSL3_GET_SERVER_CERTIFICATE failed

Reply via email to