Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-20 Thread Cherukuri, Naresh
Thank you Yuri! Appreciate your help. From: Yuri [mailto:yvoi...@gmail.com] Sent: Wednesday, July 19, 2017 5:15 PM To: Cherukuri, Naresh; squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid Version 3.5.20 Any Ideas 20.07.2017 3:09, Cherukuri, Naresh пишет: Yuri, I am new to

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-20 Thread Cherukuri, Naresh
Thank you Amos! Appreciate your help. -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Amos Jeffries Sent: Wednesday, July 19, 2017 8:55 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid Version 3.5.20 Any Ideas

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Amos Jeffries
On 20/07/17 09:10, Yuri wrote: Aha, 20.07.2017 3:04, Cherukuri, Naresh пишет: Yuri, I am sorry I didn’t get you I already installed certificate on all clients(trusted root certificate authorities). You want me install proxy public key also on clients, if so were should I put the proxy pub

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
ally, this should be enough. > > > > Thanks, > > Naresh > > > > *From:*Yuri [mailto:yvoi...@gmail.com] > *Sent:* Wednesday, July 19, 2017 5:06 PM > *To:* Cherukuri, Naresh; squid-users@lists.squid-cache.org > *Subject:* Re: [squid-users] Squid Version

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
should know about CA's uses for connection verification. > > > > > *From:*Yuri [mailto:yvoi...@gmail.com] > *Sent:* Wednesday, July 19, 2017 4:55 PM > *To:* Cherukuri, Naresh; squid-users@lists.squid-cache.org > *Subject:* Re: [squid-users] Squid Version 3.5.20 Any I

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Cherukuri, Naresh
, Naresh From: Yuri [mailto:yvoi...@gmail.com] Sent: Wednesday, July 19, 2017 5:06 PM To: Cherukuri, Naresh; squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid Version 3.5.20 Any Ideas Related OpenSSL public CA bundle - in theory it should be installed together with OpenSSL

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
esday, July 19, 2017 2:25 PM > *To:* squid-users@lists.squid-cache.org > *Subject:* Re: [squid-users] Squid Version 3.5.20 Any Ideas > > > > One out of two. Either the Squid does not see the OpenSSL/system root > CAs bundle, or the proxy CA's public key is not installed

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Cherukuri, Naresh
@lists.squid-cache.org Subject: Re: [squid-users] Squid Version 3.5.20 Any Ideas No. Only proxy's CA public key. Private should remains on proxy only. 20.07.2017 2:49, Cherukuri, Naresh пишет: Thanks Yuri for quick turnover! We inly installed root certificate on all clients. We didn’t in

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
2017 2:25 PM > *To:* squid-users@lists.squid-cache.org > *Subject:* Re: [squid-users] Squid Version 3.5.20 Any Ideas > > > > One out of two. Either the Squid does not see the OpenSSL/system root > CAs bundle, or the proxy CA's public key is not installed in the > clients

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Cherukuri, Naresh
...@lists.squid-cache.org] On Behalf Of Yuri Sent: Wednesday, July 19, 2017 2:25 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid Version 3.5.20 Any Ideas One out of two. Either the Squid does not see the OpenSSL/system root CAs bundle, or the proxy CA's public k

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
One out of two. Either the Squid does not see the OpenSSL/system root CAs bundle, or the proxy CA's public key is not installed in the clients. It's all. 19.07.2017 23:30, Walter H. пишет: > Hello, > > this seems not to be the problem, as the error messages are in > cache.log, which is not a brow

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
This simple seems op does not installed proxy CA's public in clients. No more. And errors in cache.log (as well as client complaints) are unambiguously shown. All other ideas are your nonsense. 19.07.2017 23:30, Walter H. пишет: > Hello, > > this seems not to be the problem, as the error messag

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Walter H.
Hello, this seems not to be the problem, as the error messages are in cache.log, which is not a browser problem ... the question: are the SSL bumped sites in intranet, which use a self signed CA cert itself, which squid doesn't know? On 19.07.2017 17:36, Yuri wrote: http://wiki.squid-cach

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Yuri
http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit http://i.imgur.com/A153C7A.png 19.07.2017 21:34, Cherukuri, Naresh пишет: > > Hi All, > > > > I installed Squid version 3.5.20 on RHEL 7 and generated self-signed > CA certificates, My users are complaining about certificate

Re: [squid-users] Squid Version 3.5.20 Any Ideas

2017-07-19 Thread Cherukuri, Naresh
Hi All, I installed Squid version 3.5.20 on RHEL 7 and generated self-signed CA certificates, My users are complaining about certificate errors. When I looked at cache.log I see so many error messages like below. Below is my squid.conf file. Any ideas how to address below errors. Squid.conf: