Re: [squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

From: Alex Ray <alexray_at_espsolution.net>
Date: Mon, 27 Dec 2010 16:08:08 -0800

Disregard, I figured it out. In my helper script I had a mistake in
counting the number of chars in my cert/key. Fixed that and now it
works.

On Mon, Dec 27, 2010 at 1:56 PM, Alex Ray <alexray_at_espsolution.net> wrote:
> Here are logs from /usr/local/squid/var/lib/ssl_db/index.txt
>
> V       131124202916Z           058BD142        unknown
> /CN=www.microsoft.com-----BEGIN CERTIFICATE-----
> V       131124203005Z           058BD143        unknown
> /CN=clients1.google.com-----BEGIN CERTIFICATE-----
> V       131124203006Z           058BD144        unknown
> /CN=mail.google.com-----BEGIN CERTIFICATE-----
>
>
> On Mon, Dec 27, 2010 at 1:00 PM, Alex Ray <alexray_at_espsolution.net> wrote:
>> No, the certificate is being made, just incorrectly.  Look at the common name:
>>
>> microsoft.com-----BEGIN CERTIFICATE-----
>>
>> ^ I'm fairly sure that "-----BEGIN CERTIFICATE-----" shouldn't be a
>> part of the CN for microsoft.com.
>>
>> On Mon, Dec 27, 2010 at 12:42 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>>> On 28/12/10 06:42, Alex Ray wrote:
>>>>
>>>> Looks like dynamic ssl certs are still broken as of 3.2.0.4:
>>>>
>>>> microsoft.com uses an invalid security certificate.
>>>>
>>>> The certificate is not trusted because it is self-signed.
>>>> The certificate is only valid for microsoft.com-----BEGIN CERTIFICATE-----
>>>>
>>>> (Error code: sec_error_untrusted_issuer)
>>>
>>> Does your browser trust the signing CA?
>>> That message does not show up if the CA is installed in the browser.
>>>
>>> Amos
>>> --
>>> Please be using
>>>  Current Stable Squid 2.7.STABLE9 or 3.1.10
>>>  Beta testers wanted for 3.2.0.4
>>>
>>
>
>
>
> --
> Alex Ray
>
> Technical Support Representative
>
> Enhanced Software Products, Inc.
>
> www.espsolution.net
>
> 800 456-5750
>
>
>
> NOTICE: This e-mail may contain confidential or legally privileged
> information and is intended solely for delivery to the specific person
> identified as the recipient. Any review, re-transmission,
> dissemination or other use or taking of any action in reliance upon
> this e-mail by persons other than the intended recipient is prohibited
> and may require legal action. If you receive this e-mail in error,
> please contact me at the address above and delete from your computer
> system, or otherwise from your records, the information, which was
> transmitted to you in error.
> 

-- 
Alex Ray
Technical Support Representative
Enhanced Software Products, Inc.
www.espsolution.net
800 456-5750
NOTICE: This e-mail may contain confidential or legally privileged
information and is intended solely for delivery to the specific person
identified as the recipient. Any review, re-transmission,
dissemination or other use or taking of any action in reliance upon
this e-mail by persons other than the intended recipient is prohibited
and may require legal action. If you receive this e-mail in error,
please contact me at the address above and delete from your computer
system, or otherwise from your records, the information, which was
transmitted to you in error.
Received on Tue Dec 28 2010 - 00:08:17 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 28 2010 - 12:00:03 MST