Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

Rafael Akchurin

Hello everyone,

Added new article for intermediate certificates and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error when bumping SSL.
Hopefully will be helpful/interesting for someone https://docs.diladele.com/faq/squid/fix_unable_to_get_issuer_cert_locally.html

 

Best regards,
Rafael Akchurin

Diladele B.V.


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

Yuri Voinov

I would not install intermediate certificates in the system store. They have a much shorter validity period - this time, and two - there is a SQUID functionality that supports adding missing intermediate certificates from a separate file. For security reasons, intermediate certificates require additional administrator attention, and they should be kept separate.


07.04.2017 15:13, Rafael Akchurin пишет:

Hello everyone,

Added new article for intermediate certificates and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error when bumping SSL.
Hopefully will be helpful/interesting for someone https://docs.diladele.com/faq/squid/fix_unable_to_get_issuer_cert_locally.html

 

Best regards,
Rafael Akchurin

Diladele B.V.



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

--
Bugs to the Future

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

0x613DEC46.asc (2K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

Yuri Voinov
In reply to this post by Rafael Akchurin

#  TAG: sslproxy_foreign_intermediate_certs
#    Many origin servers fail to send their full server certificate
#    chain for verification, assuming the client already has or can
#    easily locate any missing intermediate certificates.
#
#    Squid uses the certificates from the specified file to fill in
#    these missing chains when trying to validate origin server
#    certificate chains.
#
#    The file is expected to contain zero or more PEM-encoded
#    intermediate certificates. These certificates are not treated
#    as trusted root certificates, and any self-signed certificate in
#    this file will be ignored.
#Default:
# none

Heh?


07.04.2017 15:13, Rafael Akchurin пишет:

Hello everyone,

Added new article for intermediate certificates and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error when bumping SSL.
Hopefully will be helpful/interesting for someone https://docs.diladele.com/faq/squid/fix_unable_to_get_issuer_cert_locally.html

 

Best regards,
Rafael Akchurin

Diladele B.V.



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

--
Bugs to the Future

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

0x613DEC46.asc (2K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

Rafael Akchurin
Hello Yuri,

Yes this is much better solution!

Best regards,
Rafael Akchurin

Op 7 apr. 2017 om 18:20 heeft Yuri Voinov <[hidden email]> het volgende geschreven:

#  TAG: sslproxy_foreign_intermediate_certs
#    Many origin servers fail to send their full server certificate
#    chain for verification, assuming the client already has or can
#    easily locate any missing intermediate certificates.
#
#    Squid uses the certificates from the specified file to fill in
#    these missing chains when trying to validate origin server
#    certificate chains.
#
#    The file is expected to contain zero or more PEM-encoded
#    intermediate certificates. These certificates are not treated
#    as trusted root certificates, and any self-signed certificate in
#    this file will be ignored.
#Default:
# none

Heh?


07.04.2017 15:13, Rafael Akchurin пишет:

Hello everyone,

Added new article for intermediate certificates and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error when bumping SSL.
Hopefully will be helpful/interesting for someone https://docs.diladele.com/faq/squid/fix_unable_to_get_issuer_cert_locally.html

 

Best regards,
Rafael Akchurin

Diladele B.V.



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

--
Bugs to the Future
<0x613DEC46.asc>
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Howto fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY Squid error

Yuri Voinov
;-)

No problem, Raf. This is really much better solution ;-)

07.04.2017 22:44, Rafael Akchurin пишет:
Hello Yuri,

Yes this is much better solution!

Best regards,
Rafael Akchurin

Op 7 apr. 2017 om 18:20 heeft Yuri Voinov <[hidden email]> het volgende geschreven:

#  TAG: sslproxy_foreign_intermediate_certs
#    Many origin servers fail to send their full server certificate
#    chain for verification, assuming the client already has or can
#    easily locate any missing intermediate certificates.
#
#    Squid uses the certificates from the specified file to fill in
#    these missing chains when trying to validate origin server
#    certificate chains.
#
#    The file is expected to contain zero or more PEM-encoded
#    intermediate certificates. These certificates are not treated
#    as trusted root certificates, and any self-signed certificate in
#    this file will be ignored.
#Default:
# none

Heh?


07.04.2017 15:13, Rafael Akchurin пишет:

Hello everyone,

Added new article for intermediate certificates and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY error when bumping SSL.
Hopefully will be helpful/interesting for someone https://docs.diladele.com/faq/squid/fix_unable_to_get_issuer_cert_locally.html

 

Best regards,
Rafael Akchurin

Diladele B.V.



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

--
Bugs to the Future
<0x613DEC46.asc>
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

--
Bugs to the Future

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

0x613DEC46.asc (2K) Download Attachment
signature.asc (484 bytes) Download Attachment
Loading...