Re: [squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

From: Alex Ray <alexray_at_espsolution.net>
Date: Mon, 27 Dec 2010 13:56:27 -0800

Here are logs from /usr/local/squid/var/lib/ssl_db/index.txt

V 131124202916Z 058BD142 unknown
/CN=www.microsoft.com-----BEGIN CERTIFICATE-----
V 131124203005Z 058BD143 unknown
/CN=clients1.google.com-----BEGIN CERTIFICATE-----
V 131124203006Z 058BD144 unknown
/CN=mail.google.com-----BEGIN CERTIFICATE-----

On Mon, Dec 27, 2010 at 1:00 PM, Alex Ray <alexray_at_espsolution.net> wrote:
> No, the certificate is being made, just incorrectly. �Look at the common name:
>
> microsoft.com-----BEGIN CERTIFICATE-----
>
> ^ I'm fairly sure that "-----BEGIN CERTIFICATE-----" shouldn't be a
> part of the CN for microsoft.com.
>
> On Mon, Dec 27, 2010 at 12:42 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> On 28/12/10 06:42, Alex Ray wrote:
>>>
>>> Looks like dynamic ssl certs are still broken as of 3.2.0.4:
>>>
>>> microsoft.com uses an invalid security certificate.
>>>
>>> The certificate is not trusted because it is self-signed.
>>> The certificate is only valid for microsoft.com-----BEGIN CERTIFICATE-----
>>>
>>> (Error code: sec_error_untrusted_issuer)
>>
>> Does your browser trust the signing CA?
>> That message does not show up if the CA is installed in the browser.
>>
>> Amos
>> --
>> Please be using
>> �Current Stable Squid 2.7.STABLE9 or 3.1.10
>> �Beta testers wanted for 3.2.0.4
>>
>

-- 
Alex Ray
Technical Support Representative
Enhanced Software Products, Inc.
www.espsolution.net
800 456-5750
NOTICE: This e-mail may contain confidential or legally privileged
information and is intended solely for delivery to the specific person
identified as the recipient. Any review, re-transmission,
dissemination or other use or taking of any action in reliance upon
this e-mail by persons other than the intended recipient is prohibited
and may require legal action. If you receive this e-mail in error,
please contact me at the address above and delete from your computer
system, or otherwise from your records, the information, which was
transmitted to you in error.
Received on Mon Dec 27 2010 - 21:56:35 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 28 2010 - 12:00:03 MST