On 18/10/2012 9:53 p.m., guest01 wrote:
> Hi,
> We are using Squid 3.1.12[1] in our environment as forward-Proxy with
> a PAC-file for HTTP and HTTPs. As far as I know, HTTPs works via the
> CONNECT-method (we are not using any SSL-bump-stuff) and should not
> touch the SSL certificate at all. Unfortunately, we are currently
> experiencing a strange behavior with an SSL certificate for only a
> couple of users (win7 clients with IE9 and ldap basic authentication):
>
> URL: https://www.brandschutz-online.cc/kastner/
>
> certification path without proxy:
> GeoTrust Global CA
> -> RapidSSL CA
> -> www.brandschutz-online.cc
>
> If we are using Squid as proxy, we get the following certification path in IE9:
> www.brandschutz-online.cc
>
> IE9 is complaining about a certificate error.
> Any idea why this is happening? Usually, everything is working for
> HTTPs without any browser complaints.

That would be something between those users' machines and the website in
question. You are quite right about Squid not touching or having
anything to do with the SSL portion of the request in your setup.

At a guess I would say look at the TLS/SSL versions supported and used
by those users and by the website. The encryption details probably do
not overlap at some point - or the site has something in its cert they
are now validating for but older software did not.

Amos
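
One way to check both points raised in this thread, as an added example that is not part of the original messages: handshake with the site directly and through a CONNECT tunnel, then compare the leaf certificate and the negotiated TLS parameters. The function names and the command-line arguments (site host, proxy address, proxy port) are assumptions of this sketch.

```python
import base64, hashlib, socket, ssl, sys

def connect_request(host, port, user=None, password=None):
    """CONNECT request as sent to a forward proxy, optionally with Basic auth."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def connect_status(reply):
    """Status code from the proxy's reply head; ValueError if it is not HTTP."""
    parts = reply.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {parts!r}")
    return int(parts[1])

def tls_summary(host, port=443, proxy=None, user=None, password=None):
    """Handshake with host:port, directly or through proxy=(addr, port)."""
    sock = socket.create_connection(proxy or (host, port), timeout=10)
    if proxy:
        sock.sendall(connect_request(host, port, user, password))
        head = b""
        while b"\r\n\r\n" not in head:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("proxy closed the connection during CONNECT")
            head += chunk
        if connect_status(head) != 200:
            raise ConnectionError(f"proxy refused CONNECT: {connect_status(head)}")
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # inspection only: show the certificate
    ctx.verify_mode = ssl.CERT_NONE     # even when it would fail validation
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        der = tls.getpeercert(binary_form=True)
        return {"version": tls.version(), "cipher": tls.cipher()[0],
                "leaf_sha256": hashlib.sha256(der).hexdigest()}

def same_leaf(direct, proxied):
    """True when both paths end at a server presenting the same leaf certificate."""
    return direct["leaf_sha256"] == proxied["leaf_sha256"]

if __name__ == "__main__":
    # usage: script.py HOST PROXY_ADDR PROXY_PORT (all supplied by the operator)
    host, proxy = sys.argv[1], (sys.argv[2], int(sys.argv[3]))
    direct, proxied = tls_summary(host), tls_summary(host, proxy=proxy)
    print("direct :", direct)
    print("proxied:", proxied)
    print("same leaf certificate:", same_leaf(direct, proxied))
```

Identical fingerprints on both paths confirm the proxy is relaying the handshake untouched. The version and cipher shown are what this Python client negotiates, not what IE9 would, so they indicate what the server offers rather than what the affected clients accept.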