If your server listens on a public IP, you can use a valid certificate.
On Tue, May 26, 2020 at 7:24 PM Julien TEHERY <julien.teh...@mediactivegroup.com> wrote:
>
> Hi there,
>
> I'm actually facing a problem with Squid 4.6-1 (Debian 10).
> I'm using squid with https_port directive, using an SSL certificate (a true
> one, not self signed)
>
> Here is the simple setup:
>
> https_port X.X.X.X:8443 tls-cert=/etc/squid/mywildcard.com.pem
>
> The fact is that setup works for all Firefox versions using a proxy.pac file
> for HTTPS connections to the squid server.
> But for Chrome this is quite different. Indeed Chrome uses the system's proxy
> settings and I noticed that sometimes it would work and sometimes it would
> fail.
> To make it work all the time I had to add my intermediate certificate
> (thawte) in the local store, so that means intermediate certificate has not
> been delivered by the squid server as it should.
>
> The pem file in the above setup already contains this (pem file done by
> concatenating private key, cert, intermediate and root CA). I also tried the
> following syntax:
>
> https_port X.X.X.X:8443 cert=/etc/squid/mywildcard..com.cer
> key=/etc/squid/mywildcard.com.key
> cafile=/etc/squid/mywildcard..com-intermediaire.txt
>
> but each time I try to see with openssl client if my intermediate is
> delivered, it's not.
> I use "openssl s_client -showcerts -connect myproxy.com:8443"
>
> If I do the same thing on an Apache server with the same certificate files I
> can see both certificate and intermediate. Why isn't squid able to show it,
> did I miss something?
>
>
> Thanks for your help
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
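
An added example, not part of the original thread: one way to turn the `openssl s_client -showcerts` check quoted above into a repeatable verdict on whether the server delivers its intermediate. The helper name `chain_verdict`, the sample functions and the `example.test` certificate names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify the "Certificate chain" section printed by
#   openssl s_client -showcerts -connect myproxy.com:8443 </dev/null
# chain_verdict (hypothetical helper) reads that output on stdin.
chain_verdict() {
  awk '
    BEGIN { n = 0 }
    # " 0 s:<subject>" starts a certificate the server actually sent
    /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
    # "   i:<issuer>" belongs to the certificate just seen
    /^ *i:/ { sub(/^ *i:/, ""); if (n > 0) iss[n - 1] = $0; next }
    END {
      if (n == 0) { print "no-chain-section"; exit }
      # each issuer must be the subject of the next certificate sent
      for (k = 0; k + 1 < n; k++)
        if (iss[k] != subj[k + 1]) { print "broken-order-at-" k; exit }
      # a lone, non-self-signed leaf means no intermediate was delivered
      if (n == 1 && iss[0] != subj[0]) { print "leaf-only"; exit }
      print "chain-sent:" n
    }'
}

# Constructed sample: only the leaf is sent (the symptom in the thread).
sample_leaf_only() {
  cat <<'EOF'
Certificate chain
 0 s:CN = *.example.test
   i:C = XX, O = Example CA, CN = Example Intermediate CA
EOF
}

# Constructed sample: leaf followed by its intermediate.
sample_with_intermediate() {
  cat <<'EOF'
Certificate chain
 0 s:CN = *.example.test
   i:C = XX, O = Example CA, CN = Example Intermediate CA
 1 s:C = XX, O = Example CA, CN = Example Intermediate CA
   i:C = XX, O = Example CA, CN = Example Root CA
EOF
}

sample_leaf_only | chain_verdict
sample_with_intermediate | chain_verdict
```

A `leaf-only` verdict matches the behaviour described in the thread: clients that have not already cached the intermediate cannot build a path to a trusted root.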