On 21/11/2019 12:51, Kassir Bariq wrote:

Hi,

You can add this line in your squid.conf

sslproxy_cert_error allow allowed_https_sites

This should fix your issue to bypass sites without a valid certificate.


I probably wouldn't do this blindly; use a different ACL such as known_broken_cert_sites and add the sites that you have trouble with to that ACL.

I believe Palo Alto and Bluecoats have a feature mechanism to provide the client with an appropriately broken cert, e.g. if the cert is expired but has a trusted chain, then it uses an expired cert with a trusted chain to the client, and if a cert is self-signed, then it sends a self-signed cert to the client.

I don't know whether Squid also has that mechanism, but it would probably be preferred.

--
Giles Coochey

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
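
The narrower ACL suggested in the reply above, sketched as a squid.conf fragment. This is an added example, not configuration posted by anyone in the thread. The host names are constructed placeholders, and the use of `dstdomain` and the two `ssl_error` ACLs to limit which certificate errors are tolerated is an assumption about how the exception list would be built.

```conf
# Added example, not from the thread. Host names are constructed placeholders.

# Broad form from the quoted message: any certificate error is tolerated
# for every site in the general allow-list.
# sslproxy_cert_error allow allowed_https_sites

# Narrow form: a separate ACL holding only the origins known to have a
# broken certificate (ACL name taken from the reply, members assumed).
acl known_broken_cert_sites dstdomain legacy-app.example.internal
acl known_broken_cert_sites dstdomain printer.example.internal

# Name the specific validation failures that are acceptable, so that any
# other error on those hosts (for example a domain mismatch) still fails.
acl cert_expired    ssl_error X509_V_ERR_CERT_HAS_EXPIRED
acl cert_selfsigned ssl_error X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT

# ACLs on one line are ANDed: the host must be on the exception list AND
# the error must be one of the named kinds.
sslproxy_cert_error allow known_broken_cert_sites cert_expired
sslproxy_cert_error allow known_broken_cert_sites cert_selfsigned

# Everything else keeps normal certificate validation.
sslproxy_cert_error deny all
```

Keeping the exception list separate from the general allow-list means each entry records a deliberate decision and can be removed once the origin fixes its certificate.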
