squid 3.5.27 .https website show SEC_ERROR_UNKNOWN_ISSUER
with your help. i changed my configure. and now the https problem is that SEC_ERROR_UNKNOWN_ISSUER. i use squid 3.5.27 as a transparent proxy and a icap client .With the proxy , i access most of https websites like www.amazon.com. but failed . So i want to know where problem is or how to deal with it.
The webpage remind like" www.amazon.com used an invalid security certificate.The certificate is not trusted because of its self-signature.This certificate is invalid for the name www.amazon.com.Error code: SEC_ERROR_UNKNOWN_ISSUER "
Here is my configure
# Squid normally listens to port 3128 http_port 3120
Re: squid 3.5.27 .https website show SEC_ERROR_UNKNOWN_ISSUER
On 20/11/17 21:06, G~D~Lunatic wrote:
> with your help. i changed my configure. and now the https problem is
> that SEC_ERROR_UNKNOWN_ISSUER.
> i use squid 3.5.27 as a transparent proxy and a icap client .With the
> proxy , i access most of https websites like www.amazon.com
> http://www.hupu.com. but failed . So i want to know where problem is
> or how to deal with it.
The config you presented has one major problem - you have configured
ssl-bump option on the https_port but do not have any ssl_bump
directives telling Squid what bumping actions are to be done.
What Squid does under that circumstance is bump the TLS using an invalid
server certificate and deliver an error page to the client in hopes that
either the invalid cert will throw up an error, or the error page might