Hey,

Did you manage to find a solution for your use case? Let me know if you need assistance with this issue.

Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com

On Tue, Mar 4, 2025 at 1:57 AM Doug Tucker <doug.tuc...@navigaglobal.com> wrote:

> I have read through everything I can find on this subject but still cannot
> seem to get around the issue of Windows updates not working through the
> Squid transparent proxy. No matter what I try I continue to see this in
> the cache log and Windows Update will not connect.
>
> 2025/03/03 23:26:55 kid5| Error negotiating SSL on FD 25: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)
>
> I tried adding the info from the following doc to no avail.
>
> https://wiki.squid-cache.org/SquidFaq/WindowsUpdate
>
> The relevant parts of my squid.conf:
>
> #Handling HTTPS requests
> https_port 3130 cert=/etc/squid/ssl/squid.pem ssl-bump intercept
> acl SSL_port port 443
> http_access allow SSL_port
> acl allowed_https_sites ssl::server_name "/etc/squid/allowed-sites.txt"
> acl step1 at_step SslBump1
> acl step2 at_step SslBump2
> acl step3 at_step SslBump3
> ssl_bump peek step1 all
> ssl_bump peek step2 allowed_https_sites
> ssl_bump splice step3 allowed_https_sites
> ssl_bump terminate step2 all
>
> #windows update
> acl DiscoverSNIHost at_step SslBump1
> acl NoSSLIntercept ssl::server_name_regex -i "/etc/squid/url.nobump"
> ssl_bump splice NoSSLIntercept
> ssl_bump peek DiscoverSNIHost
> ssl_bump bump all
>
> I ran tcpdump and added every URL I could find to the allowed-sites.txt
> and added the 2 sites recommended to the url.nobump. If anyone has gotten
> this to work any help would be appreciated.
>
> *Doug Tucker*
> Sr. Director of Networking and Linux Operations
>
> *o:* 817.975.5832
> *e:* doug.tuc...@navigaglobal.com
>
> Newscycle Solutions is now Naviga.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
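
An added example, not part of the thread and not Squid's own code: a simplified Python model of first-match `ssl_bump` evaluation, applied to the seven `ssl_bump` lines quoted above, that reports which line decides each SslBump step. The ACL file contents (`allowed.example`, the `update.example` pattern) are constructed, and the step-3 restrictions and the absence of SNI at step 1 for intercepted traffic are modelling assumptions.

```python
import re

# Constructed stand-ins for the two ACL files; their real contents are not in the post.
ALLOWED_SITES = {"allowed.example"}          # /etc/squid/allowed-sites.txt
NOBUMP_REGEX = [r"(^|\.)update\.example$"]   # /etc/squid/url.nobump

ACLS = {
    "all": lambda step, sni: True,
    "step1": lambda step, sni: step == 1,
    "step2": lambda step, sni: step == 2,
    "step3": lambda step, sni: step == 3,
    "DiscoverSNIHost": lambda step, sni: step == 1,
    "allowed_https_sites": lambda step, sni: sni in ALLOWED_SITES,
    "NoSSLIntercept": lambda step, sni: any(re.search(p, sni or "", re.I) for p in NOBUMP_REGEX),
}

# The ssl_bump lines in the order they appear in the posted squid.conf.
RULES = [
    ("peek", ["step1", "all"]),
    ("peek", ["step2", "allowed_https_sites"]),
    ("splice", ["step3", "allowed_https_sites"]),
    ("terminate", ["step2", "all"]),
    ("splice", ["NoSSLIntercept"]),
    ("peek", ["DiscoverSNIHost"]),
    ("bump", ["all"]),
]

def possible(action, step, prev):
    # Simplified: step 3 can only finish what step 2 started (peek -> splice, stare -> bump).
    if step < 3:
        return True
    return action == "terminate" or (prev, action) in {("peek", "splice"), ("stare", "bump")}

def decide(sni):
    """Return [(step, rule_index, action)] for one intercepted TLS connection."""
    trace, prev = [], None
    for step in (1, 2, 3):
        name = sni if step > 1 else None  # assumption: no SNI is known until step 1 has peeked
        hit = next(((i, a) for i, (a, acls) in enumerate(RULES)
                    if possible(a, step, prev) and all(ACLS[x](step, name) for x in acls)), None)
        if hit is None:
            break
        trace.append((step, *hit))
        prev = hit[1]
        if prev not in ("peek", "stare"):
            break  # splice, bump and terminate are final
    return trace
```

In this model `decide("sls.update.example")` ends at step 2 on `terminate step2 all`, and the three lines under `#windows update` (indexes 4 to 6) are never selected for any name, because an earlier line always matches first at every step.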