Squid Proxy does not see CA anymore
-
Hello,
In the last three snapshots - today and the two days before - Squid in SSL Interception mode cannot be activated anymore, as it does not see the CA installed in Cert Manager ( the only available option in the Squid GUI is 'none' ).
I am posting here as it seems to be linked to Cert Manager in 2.5 rather than Squid itself.
If anyone has any idea.
Best,
-
@hexistenz Please provide more info about your CA cert
unable to reproduce it on 2.5.0.a.20210122.2350 with squid-pkg 0.4.45
-
@viktor_g
Thanks a lot for looking into it. It's an intermediate CA - Key is ECC P521.
The CA is validly accepted in Cert-Manager and can generate Certificates.For that matter any type of CA even RSA are not seen by Squid.
I tried to uninstall-reinstall but no luck yet. I may just do a clean install of the latest snapshot to see if it changes anything.Any logs I may look into? I have not see any errors yet.
PS I am now on 2.5.0.a.20210122.2350 with squid-pkg 0.4.45
-
related to https://redmine.pfsense.org/issues/9897#note-7
Please add your comment or create a new bugreport:
https://docs.netgate.com/pfsense/en/latest/development/bug-reports.html -
Oh many thanks, removing all the P521 CAs, now Squid sees another type!
Thanks a lot for your help!Best,
