Hi. Can I ask for assistance solving this problem. Many thanks!
Fedora # rpm -qa|grep squid
squid-4.0.17-1.fc25.x86_64
# uname -a
Linux www.kalfaoglu.net 4.10.10-200.fc25.x86_64 #1 SMP Thu Apr 13
01:11:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
ERROR
The requested URL could not be retri
On 18/04/17 16:50, turgut kalfaoğlu wrote:
Hi there.. Could we have an option to auto re-create the ssl database?
For some reason, out of nowhere, I start getting these in the cache.log:
security_file_certgen helper database '/var/lib/ssl_db' failed: Failed
to open file /var/lib/ssl_db/index.t
On 19/04/17 13:12, Dan Charlesworth wrote:
Hi everyone,
This is a super weird one!
This Pressreader site (http://sheppartonnews.pressreader.com/shepparton-news)
gets a totally different (erroneous) response from the server when accessing it
through squid on a particular school's network.
It
Olly, Debian provides a ca-certificates package containing the Mozilla
CA list. It is updated whenever the CA set changes. Though of course you
should have apt connected to the relevant security repository
(jesse-security?) for regular updates.
Amos
On 19/04/17 03:10, Olly Lennox wrote:
Wo
Hi everyone,
This is a super weird one!
This Pressreader site (http://sheppartonnews.pressreader.com/shepparton-news)
gets a totally different (erroneous) response from the server when accessing it
through squid on a particular school's network.
It doesn’t happen through any other squid box on
Did you got my answer?
You should be able to dispatch more then one fetcher but you should somehow
manage them and restrict their amount and dispatch rate.
Eliezer
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il
-Original Message-
Would you mind sharing the script you use? oli...@lennox-it.uk
lennox-it.uk
tel: 07900 648 252
From: Yuri Voinov
To: Olly Lennox ; "squid-users@lists.squid-cache.org"
Sent: Tuesday, 18 April 2017, 16:00
Subject: Re: [squid-users] HTTPS woes
I have automated cron job to refresh Mo
I have automated cron job to refresh Mozilla CA's bundle by monthly basis.
Intermediate CA's, however, requires non-scheduled maintenance. I've
maintain it by demand.
18.04.2017 20:17, Olly Lennox пишет:
> Thanks Yuri! The Mozilla Bundle has worked!! Most of the major sites
> seem to be working
Thanks Yuri! The Mozilla Bundle has worked!! Most of the major sites seem to be
working which is all we need. How often do these certificates refresh? Would
they need updating every month or so? oli...@lennox-it.uk
lennox-it.uk
tel: 07900 648 252
From: Yuri Voinov
To: Olly Lennox ; "squi
You talked about two different things.
1. root CA usually built-in in clients. For standalone use, root CA
(from Mozilla) usually distributes with openssl distributions. If you
need (or your openssl distribution does not contains root CAs), you can
find separately distributed Mozilla CA's by short
So anyone who wants to use Squid over HTTPS in the way has to build this
repository themselves by manually downloading all the CA bundles?
From: Yuri
To: Olly Lennox ; "squid-users@lists.squid-cache.org"
Sent: Tuesday, 18 April 2017, 14:03
Subject: Re: [squid-users] HTTPS woes
18.04.2017 18:56, Olly Lennox пишет:
I'm using
sslproxy_foreign_intermediate_certs
Is this the same thing?
No. You firstly required CA roots available for squid. CA roots and
intermediate is the different things.
Also is there anywhere to get a bundle of all the major CA intermdiate
certs
I'm using
sslproxy_foreign_intermediate_certs
Is this the same thing?
Also is there anywhere to get a bundle of all the major CA intermdiate certs or
do you have to download them all manually?
Cheers, oli...@lennox-it.uk
lennox-it.uk
tel: 07900 648 252
From: Yuri
To: squid-users@lists.s
Try to specify roots CA bundle/dir explicity by specifying one of this
params:
# TAG: sslproxy_cafile
#file containing CA certificates to use when verifying server
#certificates while proxying https:// URLs
#Default:
# none
# TAG: sslproxy_capath
#directory containing CA certific
Hi All,
Still having problems here. This is my https config now:
-https_port 3129 intercept ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
cert=/etc/squid3/ssl_cert/squid.crt key=/etc/squid3/ssl_cert/squid.key
options=NO_SSLv3 dhparams=/
On 18/04/17 21:29, Eric Veiras Galisson wrote:
I'm back with more information about my problem.
I put squid in front of https://fr.wikipedia.org, I generated a false
certificate for my test to avoid problems with my browser and... I
still have a problem with squid, the same as before.
I'm th
I'm back with more information about my problem.
I put squid in front of https://fr.wikipedia.org, I generated a false
certificate for my test to avoid problems with my browser and... I still
have a problem with squid, the same as before.
I'm thinking that my problem does not come from the upstre
17 matches
Mail list logo
