No, no one responded.

Doug Tucker
Sr. Director of Networking and Linux Operations
doug.tuc...@navigaglobal.com
________________________________
From: NgTech LTD <ngtech1...@gmail.com>
Sent: Sunday, March 16, 2025 2:38:35 AM
To: Doug Tucker <doug.tuc...@navigaglobal.com>
Cc: squid-users@lists.squid-cache.org <squid-users@lists.squid-cache.org>
Subject: Re: [squid-users] windows updates

Hey,

Did you manage to find a solution for your use case?
Let me know if you need assistance with this issue.

Eliezer
----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com


On Tue, Mar 4, 2025 at 1:57 AM Doug Tucker <doug.tuc...@navigaglobal.com> wrote:
I have read through everything I can find on this subject but still cannot seem 
to get around the issue of windows updates not working through the squid 
transparent proxy.  No matter what I try I continue to see this in the cache 
log and windows update will not connect.

2025/03/03 23:26:55 kid5| Error negotiating SSL on FD 25: error:14090086:SSL 
routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)

I tried adding the info from the following doc to no avail.

https://wiki.squid-cache.org/SquidFaq/WindowsUpdate


The relevant parts of my squid.conf:

#Handling HTTPS requests
https_port 3130 cert=/etc/squid/ssl/squid.pem ssl-bump intercept
acl SSL_port port 443
http_access allow SSL_port
acl allowed_https_sites ssl::server_name "/etc/squid/allowed-sites.txt"
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
ssl_bump peek step1 all
ssl_bump peek step2 allowed_https_sites
ssl_bump splice step3 allowed_https_sites
ssl_bump terminate step2 all

#windows update
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex -i "/etc/squid/url.nobump"
ssl_bump splice NoSSLIntercept
ssl_bump peek DiscoverSNIHost
ssl_bump bump all

I ran tcpdump and added every URL I could find to the allowed-sites.txt and 
added the 2 sites recommended to the url.nobump.  If anyone has gotten this to 
work any help would be appreciated.

Doug Tucker
Sr. Director of Networking and Linux Operations

o: 817.975.5832
e: doug.tuc...@navigaglobal.com


_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users