Hello, On Wed, Feb 06, Yann Girardin wrote:
> I am using ssl bump and it's work fine a lot of SSL sites, but some of > those are misconfigured and squid won't succeed to get the correct > certificate, and give me the following error : > SEC_ERROR_UNKNOWN_ISSUER > > Looking on the internet I understand that this is a SSL server > misconfiguration, but I know that some browser like safari, and chrome > are implementing the AIA fetching to get the missing certificates > using the information store in the authority information access of the > certificate. > > Is there a way to activate this AIA fetching in squid or do i have to > implement it myself using a helper with the sslcrtvalidator_program ? I've added these few lines: --snip-- acl fetch_intermediate_certificate transaction_initiator certificate-fetching http_access allow fetch_intermediate_certificate cache allow fetch_intermediate_certificate cache deny all --snip-- -- Regards Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
