Re: [squid-users] ssl_bump with intermediate CA

2017-01-07 Thread senor
Thank you Amos. I agree that adding the anchor is generally harmless and you've chosen your battles wisely. Also thank you Garri. I must have missed your response confirming the same. For current squid versions the wiki page is misleading according to all credible references I can find. Any applic

Re: [squid-users] ssl_bump with intermediate CA

2017-01-06 Thread Eliezer Croitoru
lists.squid-cache.org] On Behalf Of Amos Jeffries Sent: Friday, January 6, 2017 12:06 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] ssl_bump with intermediate CA On 2017-01-06 21:27, senor wrote: > Thank you for the response but I think my question is still unanswered.

Re: [squid-users] ssl_bump with intermediate CA

2017-01-06 Thread Amos Jeffries
On 2017-01-06 21:27, senor wrote: Thank you for the response but I think my question is still unanswered. Comments below: On 1/5/2017 16:57, Bruce Rosenberg wrote: The cafile option specifies the "chain" file squid should send back to the client along with the cert, exactly as you would normall

Re: [squid-users] ssl_bump with intermediate CA

2017-01-06 Thread senor
Thank you for the response but I think my question is still unanswered. Comments below: On 1/5/2017 16:57, Bruce Rosenberg wrote: > The cafile option specifies the "chain" file squid should send back to > the client along with the cert, exactly as you would normally do with > Apache httpd or Nginx

Re: [squid-users] ssl_bump with intermediate CA

2017-01-05 Thread Garri Djavadyan
On Thu, 2017-01-05 at 23:40 +, senor wrote: > Hello All. > I'd like clarification of the documentation at > http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpWithInter > mediateCA > > In section "CA certificate preparation" it is stated that a file > should > be created with "interme

Re: [squid-users] ssl_bump with intermediate CA

2017-01-05 Thread Bruce Rosenberg
The cafile option specifies the "chain" file squid should send back to the client along with the cert, exactly as you would normally do with Apache httpd or Nginx. In the example the generated server cert is depth 0, CA2 is depth 1 and CA1 is depth 2. If the client has CA1 installed as a trust anch

[squid-users] ssl_bump with intermediate CA

2017-01-05 Thread senor
Hello All. I'd like clarification of the documentation at http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpWithIntermediateCA In section "CA certificate preparation" it is stated that a file should be created with "intermediate CA2 followed by root CA1 in PEM format". CA1 is the cert tr