Yes, that's what I did. As I explained before, I provided squid with a pem file
containing:


  *   server key
  *   server cert
  *   intermediate cert

with in squid.conf:

https_port 8443 tls-cert=path/to/my/wildcard.pem

I did not try to add the root cert, as I'm aware it's not necessary.

I've spent so many hours on something that should work quickly..
________________________________
From: squid-users <squid-users-boun...@lists.squid-cache.org> on behalf of
Matus UHLAR - fantomas <uh...@fantomas.sk>
Sent: Thursday, 28 May 2020 10:12
To: squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org>
Subject: Re: [squid-users] HTTPS_PORT AND SSL CERT

On 28.05.20 06:32, Julien TEHERY wrote:
>I retried everything possible in terms of order in the pem file. From my
>workstation, if I do "openssl s_client -showcerts -connect
>mysquid.mycompany.com:8443" I only get one certificate/issuer, but with the same
>command on the same server but a different port (apache listening on 443), I
>correctly get 2 certificates/issuers:
>
>To be precise, my https configuration isn't for ssl_bump purposes but only to
>provide secure access to the http proxy through the WAN with a valid
>certificate.
>Do some of you use complete certificates (including intermediate) with
>squid? If yes, please tell me how you made it work.
>I do have the latest stable squid version built with openssl support.

You apparently need to provide a concatenated list of your squid certificate and
the intermediate certificate that signed your squid certificate.

You don't need to provide the root certificate that signed intermediate
certificate, since browsers  to have that certificate installed
(otherwise they wouldn't trust the certificate at all).


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
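
Added example, not part of the original thread and not Squid's own code: a Python check that the certificates in a PEM bundle like the `wildcard.pem` described above are ordered server certificate first, each followed by the certificate that issued it. It compares issuer and subject names only and verifies no signatures; `check_bundle`, the sample names and the skeleton certificates are constructed for illustration.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Name of one X.509 certificate."""
    _, pos, _ = tlv(der, 0)                    # Certificate
    _, pos, _ = tlv(der, pos)                  # tbsCertificate
    tag, _, end = tlv(der, pos)                # [0] version, or serialNumber
    if tag == 0xA0:
        _, _, end = tlv(der, end)              # serialNumber
    _, _, i_start = tlv(der, end)              # signature algorithm
    _, _, i_end = tlv(der, i_start)            # issuer
    _, _, s_start = tlv(der, i_end)            # validity
    _, _, s_end = tlv(der, s_start)            # subject
    return der[i_start:i_end], der[s_start:s_end]

def check_bundle(pem_text):
    """Return a list of problems with the certificate order in a PEM bundle."""
    blocks = [(m.group(1), base64.b64decode(m.group(2))) for m in PEM_RE.finditer(pem_text)]
    certs = [der for label, der in blocks if label == "CERTIFICATE"]
    problems = [] if len(certs) >= 2 else ["no intermediate certificate after the server certificate"]
    for i in range(len(certs) - 1):
        if issuer_subject(certs[i])[0] != issuer_subject(certs[i + 1])[1]:
            problems.append(f"certificate {i} was not issued by certificate {i + 1}")
    return problems

# Constructed sample input: certificate skeletons with names only, no real keys or signatures.
def _der(tag, *parts):                         # short-form length only (body < 128 bytes)
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)
def _name(cn):                                 # Name holding a single commonName (OID 2.5.4.3)
    return _der(0x30, _der(0x31, _der(0x30, bytes.fromhex("0603550403"), _der(0x0C, cn.encode()))))
def _pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"
def sample_cert(subject, issuer):
    tbs = _der(0x30, bytes.fromhex("a003020102020101"), _der(0x30), _name(issuer), _der(0x30), _name(subject))
    return _pem("CERTIFICATE", _der(0x30, tbs))
KEY = _pem("PRIVATE KEY", b"constructed placeholder")
LEAF = sample_cert("*.example.test", "Example Intermediate CA")
INTERMEDIATE = sample_cert("Example Intermediate CA", "Example Root CA")
```

Run `check_bundle(open(path).read())` on the real bundle; an empty list means the names chain in order from the server certificate upward.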