(no subject)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

(no subject)

赵 俊

Hi,

When I access SVN ,I want to bump SVN connection.


Error like this:


The following error was encountered while trying to retrieve the URL: https://WIN-BEOUENL2N6U/*

Failed to establish a secure connection to 192.168.52.6

The system returned:

(71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)

SSL Certficate error: certificate issuer (CA) not known: /CN=WIN-BEOUENL2N6U

This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.


My squid.conf :

acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3

ssl_bump stare ssl_step1
ssl_bump bump ssl_step2
ssl_bump terminate ssl_step3

May  i  solve this problem,if I go to the official certification  organization certificating myCA ?


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: (no subject)

Amos Jeffries
Administrator
On 13/12/17 14:11, 赵 俊 wrote:

> Hi,
>
> When I access SVN ,I want to bump SVN connection.
>
>
> Error like this:
>
>
> The following error was encountered while trying to retrieve the URL:
> https://WIN-BEOUENL2N6U/*
>
>     *Failed to establish a secure connection to 192.168.52.6*
>
> The system returned:
>
>     (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
>
>     SSL Certficate error: certificate issuer (CA) not known:
>     /CN=WIN-BEOUENL2N6U
>
> This proxy and the remote host failed to negotiate a mutually acceptable
> security settings for handling your request. It is possible that the
> remote host does not support secure connections, or the proxy is not
> satisfied with the host security credentials.
>
>
> My squid.conf :
>
> acl ssl_step1 at_step SslBump1
> acl ssl_step2 at_step SslBump2
> acl ssl_step3 at_step SslBump3
>
> ssl_bump stare ssl_step1
> ssl_bump bump ssl_step2
> ssl_bump terminate ssl_step3
>
> May  i  solve this problem,if I go to the official certification  
> organization certificating myCA ?
>

Not really. There are two problems;

The first problem is that you are using host names instead of domain name.
 
<https://superuser.com/questions/59093/difference-between-host-name-and-domain-name/59094>


The second problem is that you are bumping at SSL-Bump step #2 before
any of the real server details are available to Squid.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users