Hi all,

Problem solved by regenerating all certificates with this:
http://www.mydlp.com/how-to-configure-squid-3-2-ssl-bumping-dynamic-ssl-certificate-generation/

Adding public.pem in the browser removed alerts.


 



On 24 March 2014 at 12:29, Emmanuel LAZARO - S.IM.KO. <em.laz...@simko.fr> wrote:

> Hi again,
> 
> In addition, I can say this problem (sec_error_unknown_issuer) appears when I 
> am using a "real" certificate from VeriSign, which is well known by the web 
> browser.
> 
> I read here:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Need-help-on-SSL-bump-and-certificate-chain-td4659421.html
> 
> that I can't do what I want with a signed certificate from a known authority.
> 
> So I try using a self-signed certificate but it doesn't work, with the error:
> sec_error_untrusted_issuer 
> 
> 
> 
> On 24 March 2014 at 11:48, Emmanuel LAZARO - S.IM.KO. <em.laz...@simko.fr> wrote:
> 
>> Hi all,
>> 
>> I get this in the web browsers: Error code: sec_error_unknown_issuer
>> 
>> Can someone help me ?
>> 
>> 
>> On 19 March 2014 at 08:53, Emmanuel LAZARO - S.IM.KO. <em.laz...@simko.fr> wrote:
>> 
>>> Hi all,
>>> 
>>> I am using Squid 3.4.4 on Debian wheezy, compiled from the sources.
>>> 
>>> I am trying to configure Squid as a transparent proxy using:
>>> 
>>> https_port 3129 intercept ssl-bump generate-host-certificates=on 
>>> dynamic_cert_mem_cache_size=4MB 
>>> cert=/etc/squid3/CertifSignature/SquidServeurVeriSign.pem 
>>> key=/etc/squid3/CertifSignature/Squid.key
>>> 
>>> The SquidServeurVeriSign.pem has been signed by VeriSign.
>>> 
>>> How can I avoid the alerts in Firefox or Safari (I am in a Mac OS X 
>>> environment)? The alerts are popping up on every HTTPS page:
>>> 
>>> "Connection not certified
>>> 
>>> You asked Firefox to connect... we can't confirm the connection is 
>>> secured...website identity can't be verified."
>>> 
>>> Sorry for the translation...
>>> 
>>> Can someone help me ?
>>> 
>>> NB: I imported the root certificate into my Firefox.
>>> ------
>>> 
>>> LAZARO Emmanuel
>> 
> 
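
Added example (not part of the original thread and not taken from the linked guide): with ssl-bump, Squid signs each per-site certificate with the file given in cert=, so that file has to be a CA certificate the browser trusts. The script below builds constructed test certificates to show that a host certificate issued from a self-signed CA (public.pem) verifies, while one issued from an ordinary CA:FALSE server certificate does not; all names other than public.pem are hypothetical.

```shell
# Added example: every certificate is constructed test data. CN values and
# file names other than public.pem are hypothetical.

# is_ca_cert FILE: true if the certificate asserts basicConstraints CA:TRUE.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# chain_ok ROOT HOST [INTERMEDIATE]: true if HOST verifies up to trusted ROOT.
chain_ok() {
    openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>/dev/null |
        grep -q ': OK$'
}
# newreq BASENAME CN: write BASENAME.key and BASENAME.csr.
newreq() {
    openssl req -new -newkey rsa:2048 -nodes -config "$d/x.cnf" \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
}
# issue CSR ISSUER_CERT ISSUER_KEY OUT [EXT_SECTION]: sign CSR as the issuer.
issue() {
    openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -set_serial 1 -days 30 \
        -sha256 -out "$4" ${5:+-extfile "$d/x.cnf" -extensions "$5"} 2>/dev/null
}
# build_demo DIR: create the CA, a CA:FALSE server cert and two host certs.
build_demo() {
    d=$1
    cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = critical,CA:FALSE
EOF
    # Self-signed signing CA; public.pem is the file imported into browsers.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$d/x.cnf" -extensions v3_ca -subj "/CN=Example Bump CA" \
        -keyout "$d/private.pem" -out "$d/public.pem" 2>/dev/null || return 1
    # Ordinary server certificate (CA:FALSE), as a public CA would issue it.
    newreq "$d/leaf" proxy.example.test
    issue "$d/leaf.csr" "$d/public.pem" "$d/private.pem" "$d/leaf.pem" v3_leaf
    # Per-site certificate signed by the CA, then by the server certificate.
    newreq "$d/host" www.example.test
    issue "$d/host.csr" "$d/public.pem" "$d/private.pem" "$d/host_by_ca.pem"
    issue "$d/host.csr" "$d/leaf.pem" "$d/leaf.key" "$d/host_by_leaf.pem"
}
```

After `build_demo "$dir"`, `chain_ok "$dir/public.pem" "$dir/host_by_ca.pem"` succeeds and `chain_ok "$dir/public.pem" "$dir/host_by_leaf.pem" "$dir/leaf.pem"` fails. `is_ca_cert` can also be pointed at the file named in cert= on a real proxy.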
