Alex Samad | 25 Feb 05:18 2015
Picon

Interesting problem

Hi

I am running squid on Centos 6.5
squid-3.1.10-29.el6.x86_64

when I browse to https://www.quadriserv.com from IE or Chrome via the
squid proxy, it seems to corrupt the server cert.

when i browse to the site by passing squid it works fine.

I have tried wget from the squid box works fine also tried openssl s_client

openssl s_client -connect www.quadriserv.com:443 -showcerts </dev/null | less

-----BEGIN CERTIFICATE-----
MIIFyTCCBLGgAwIBAgIRAJfNWR72clr8JgXbvgA+uqgwDQYJKoZIhvcNAQEFBQAw
YjELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5D
LjEwMC4GA1UEAxMnTmV0d29yayBTb2x1dGlvbnMgQ2VydGlmaWNhdGUgQXV0aG9y
aXR5MB4XDTEzMTAyMjAwMDAwMFoXDTE4MDQxMjIzNTk1OVowgdMxCzAJBgNVBAYT
AlVTMQ4wDAYDVQQREwUxMDAxNzELMAkGA1UECBMCTlkxFjAUBgNVBAcTDU5ldyBZ
b3JrIENpdHkxEzARBgNVBAkTCjE0dGggRmxvb3IxFjAUBgNVBAkTDTUyOSBGaWZ0
aCBBdmUxFzAVBgNVBAoTDlF1YWRyaXNlcnYgSW5jMQswCQYDVQQLEwJJVDEhMB8G
A1UECxMYU2VjdXJlIExpbmsgU1NMIFdpbGRjYXJkMRkwFwYDVQQDFBAqLnF1YWRy
aXNlcnYuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Oa12dWu
84WE2CeA0hVoFAw50+HpoB30Gi7uQ9/NK0A+gt8Igk5Vcwub6atldIiVc62k7v/9
DPZNoBxsOVopaTuDA54E6wnHEYve6VCr2xlQAnJEraIDZnvvQG/YnC8/ll44Yg06
MWVvMSug7oDSLhPPRX5ZjkQikpB6XKO1OhUUOJghUfo0YlG4I/8MBWpvJitaJOH9
pELBmepJFcpBvkij20Nk6MZu8kwzVs21Rp4FTEHpSH9Iagn7kw186nHqZkl+9D7e
UxM4IKc74j++Z2RjEPpPLLMcJYakD6kgkCUSkqiGmUS6R/4KBtbsE39lgJxNQDHU
Kqn5boHiyOjEZwIDAQABo4ICBjCCAgIwHwYDVR0jBBgwFoAUPEHijwgIqUwliY1t
(Continue reading)

Pedro Valera | 25 Feb 02:52 2015
Picon

Squid-users, estos descuentos te van a encantar

 
 
Hola Squid-users,
 
Quiero recomendarte Linio, la tienda online más grande de Latinoamerica. Tiene descuentos increíbles y productos de todo tipo.
 
Si te suscribes a su newsletter a través de mi invitación, recibirás S/.25 de descuento en tu primera compra.
 
¡Conócela! Yo creo que te gustará
 
Pedro Valera
 
 
 
  SUSCRIBIRME  
 
 
 
Al hacer click en el link anterior, estás aceptando la política de privacidad de Linio.com.pe además de recibir notificaciones de sus ofertas y promociones.
Este mensaje ha sido enviado a través de ip2trama <at> gmail.com para que descubras Linio.com.pe. Si no quieres recibir otras recomendaciones para conocer Linio.com.pe, puedes desuscribirte aquí.
© 2014, Linio o sus compañías afiliadas. Todos los derechos reservados.

_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Greg | 24 Feb 17:31 2015
Picon

Re: Tracking down cache MISSes

>> Hi all,
>>
>> so, there's my proxy problem I couldn't crack, even after spending
>> 2+ days tweaking-googling-debugging. :(
>>
>> The problem: my _new_ Squid installation (Ubuntu 14 LTS with Squid
>> 3.3.8) won't cache most pages the old Squid does (old Fedora with
>> Squid 3.1.15).
>
> Both versions are antique.
>
> Man, you change one rancid meat to another rancid meat.
>
> Just FYI - current Squid version at least 3.4.12. Oh, this branch is
> already deprecated... shit, current version is 3.5.2!
>
> This must be your starting point.

Thanks for your comment. Please note that this version is what's
supported by Ubuntu LTS for the next 5 years. This happens with all
packages - LTS maintainers choose a stable version and merge security
updates into it, so it stays secure and needs no config updates for 5
years. This is just we need, and it has worked well for Ubuntu 10
(squid 2.7.STABLE7-1ubuntu12.6 is still being supported until this
April!), but it has EOL now and we have to upgrade.

I'd very much like to stay inside this safe zone with our servers. I
understand that others might not do so - please understand some people
do though.

Best regards,
Greg
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Peter Oruba | 24 Feb 15:44 2015

Re: Log proxy hostname along with HTTP access URI



Am 24.02.2015 um 15:39 schrieb Ron Wheeler <rwheeler <at> artifact-software.com>:

On 24/02/2015 9:04 AM, Peter Oruba wrote:
Hello everybody,

I’d like to distinguish multiple clients that are behind NAT from Squid’s perspective. Proxy authentication or sessions are not an option for different reasons and the idea that came up was to assign each client a unique hostname through which Squid would be addressed (e.g. UUID1.proxy.example.com and UUID2.proxy.example.com) A DNS wildcard entry *.proxy.example.com would make sure each proxy referral points to the same machine. Question: Is there a way to let Squid log the DNS name through which a client referred to it? I was not able to find any example in this regard and I assume that the proxy hostname is „lost“ after the client's DNS lookup and that the client-proxy connection is established.

Thanks,
Peter



_______________________________________________ squid-users mailing list squid-users <at> lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Not a direct answer but...
Is it possible to get this info from the log kept by the service(http) that is getting the request?

-- Ron Wheeler President Artifact Software Inc email: rwheeler <at> artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102
Virtual hosts on web servers?  Yes, the same principle, but on Squid.
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Peter Oruba | 24 Feb 15:04 2015

Log proxy hostname along with HTTP access URI

Hello everybody,

I’d like to distinguish multiple clients that are behind NAT from Squid’s perspective. Proxy authentication or sessions are not an option for different reasons and the idea that came up was to assign each client a unique hostname through which Squid would be addressed (e.g. UUID1.proxy.example.com and UUID2.proxy.example.com) A DNS wildcard entry *.proxy.example.com would make sure each proxy referral points to the same machine. Question: Is there a way to let Squid log the DNS name through which a client referred to it? I was not able to find any example in this regard and I assume that the proxy hostname is „lost“ after the client's DNS lookup and that the client-proxy connection is established.

Thanks,
Peter

_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Greg | 24 Feb 13:54 2015
Picon

Need better debug_options values to track down cache MISSes

Hi all,

I'm new to squid administration, with basic *nix admin skills. My task now is to replace an old Squid reverse proxy server (3.1.15 on an old Fedora) with a new one (Squid 3.3.8 on Ubuntu 14 LTS) and ran into a problem.

I've spent 2 days tweaking-googling-debugging, now looking for some help...

Problem is, with the ~same configuration, the old Squid caches HTML pages well and the new doesn't. This is a major concern, we're using Squid exactly to do that and get the load off our appservers.

In this first mail, I'm only asking for a hint on what debug_options to use. In previous list emails I've seen that some details help, so here they are:
- Reverse proxy, port 80 only, one uplink straight to the app servers.
- Pretty standard configuration, standard refresh_patterns.
- Disk and memory cache, disk cache initialised with -z.
- Clocks are in sync (except for the old proxy server) using ntpd.
- Squid gives HITs for favicon.ico and RSS feeds only - these have different headers and mimetypes compared to HTML files (and that's by design).
- This new server seems to save accessed HTML files on disk but still gives X-Cache-Lookup:MISS for all of them later.
- I've found the debug_options sections page but section names are ambiguous for someone who's not a Squid programmer. I had to download the source code, analysed it and tried "debug_options 11,1 22,6 85,3 88,5 33,1 31,5 90,5" which is too much and "debug_options 88,5 85,5 22,6 11,5 33,1" which might be too little.
- Headers look okay (Cache-Control, Pragma, Vary), stale/fresh calculation looks okay (pages are deemed fresh) in the debug log.
- The best I got so far is this: "client_side_reply.cc(1618) identifyFoundObject: clientProcessRequest2: StoreEntry is NULL -  MISS", even for pages I see in the disk cache -- I'd like to know why does it occur, probably need some more good debug_options. I don't understand the code too well, don't know which direction to take.

Please suggest some more good debug_options to continue with.

Best regards,
Greg

PS. Also, I'll submit another mail with the details of the problem + the config, hoping someone spots a problem right away.

_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
zanettiza | 24 Feb 07:25 2015
Picon

Authenication denies access to ports

Hi Everyone,I've searched and search but have not found an answer to my
question.I'm running CentOS 7 and Squid 3.3.4. When I insert "http_access
allow Safe_ports" AFTER "http_access allow authenticated_users" I have no
access to ports listed under my Safe_ports ACL, however when I put it before
then everything works just fine, obviously that is then ignoring
authentication.Any thoughts on how I can overcome this? I have tried many
different configurations but nothing really works.Thanks!

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Authenication-denies-access-to-ports-tp4670040.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
HackXBack | 24 Feb 01:16 2015
Picon

again i lost my cache with upgrading for 3.5.2

i did that with version 3.5.1
now wen upgrade again for 3.5.2 my cache damaged again !!
i just want to know how this version is stable !!
its full of bugs !!

cache.log = 
2015/02/23 19:20:51 kid1| Could not parse headers from on disk object
2015/02/23 19:20:51 kid1| BUG 3279: HTTP reply without Date:
2015/02/23 19:20:51 kid1| StoreEntry->key: BCE3520785CBE31A447841BAEB9FC542
2015/02/23 19:20:51 kid1| StoreEntry->next: 0
2015/02/23 19:20:51 kid1| StoreEntry->mem_obj: 0x6dab40f0
2015/02/23 19:20:51 kid1| StoreEntry->timestamp: -1
2015/02/23 19:20:51 kid1| StoreEntry->lastref: 1424737251
2015/02/23 19:20:51 kid1| StoreEntry->expires: -1
2015/02/23 19:20:51 kid1| StoreEntry->lastmod: -1
2015/02/23 19:20:51 kid1| StoreEntry->swap_file_sz: 0
2015/02/23 19:20:51 kid1| StoreEntry->refcount: 1
2015/02/23 19:20:51 kid1| StoreEntry->flags:
DISPATCHED,PRIVATE,FWD_HDR_WAIT,VALIDATED
2015/02/23 19:20:51 kid1| StoreEntry->swap_dirn: -1
2015/02/23 19:20:51 kid1| StoreEntry->swap_filen: -1
2015/02/23 19:20:51 kid1| StoreEntry->lock_count: 3
2015/02/23 19:20:51 kid1| StoreEntry->mem_status: 0
2015/02/23 19:20:51 kid1| StoreEntry->ping_status: 2
2015/02/23 19:20:51 kid1| StoreEntry->store_status: 1
2015/02/23 19:20:51 kid1| StoreEntry->swap_status: 0
2015/02/23 19:20:51 kid1| assertion failed: store.cc:1885: "isEmpty()"

=================== and keep restarting ....

and for debug gdb
=============================================================
root <at> loai:~# gdb /usr/sbin/squid /var/spool/squid/cache/squid/core
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/squid...done.
[New LWP 20099]
[New LWP 20155]
[New LWP 20147]
[New LWP 20153]
[New LWP 20149]
[New LWP 20146]
[New LWP 20154]
[New LWP 20152]
[New LWP 20157]
[New LWP 20151]
[New LWP 20161]
[New LWP 20158]
[New LWP 20166]
[New LWP 20168]
[New LWP 20164]
[New LWP 20148]
[New LWP 20163]
[New LWP 20172]
[New LWP 20144]
[New LWP 20145]
[New LWP 20171]
[New LWP 20162]
[New LWP 20165]
[New LWP 20167]
[New LWP 20174]
[New LWP 20159]
[New LWP 20175]
[New LWP 20169]
[New LWP 20160]
[New LWP 20150]
[New LWP 20170]
[New LWP 20173]
[New LWP 20156]

warning: Can't read pathname for load map: Input/output error.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `(squid-1) -YC -f /etc/squid/squid.conf'.
Program terminated with signal 6, Aborted.
#0  0x00007f854c547165 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) backtrace
#0  0x00007f854c547165 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f854c54a3e0 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x000000000058739f in xassert (msg=<optimized out>, file=<optimized
out>, line=<optimized out>) at debug.cc:544
#3  0x0000000000648a0c in StoreEntry::startWriting (this=0x6e50d970) at
store.cc:1885
#4  0x000000000077459e in Client::setFinalReply (this=0x71474228,
rep=0x70f79970) at Client.cc:158
#5  0x00000000005d0d68 in HttpStateData::processReply (this=0x71474228) at
http.cc:1238
#6  0x00000000005d354a in JobDialer<HttpStateData>::dial (this=0x719fe0f0,
call=...) at base/AsyncJobCalls.h:174
#7  0x00000000006c8139 in AsyncCall::make (this=0x719fe0c0) at
AsyncCall.cc:40
#8  0x00000000006cbd8f in AsyncCallQueue::fireNext
(this=this <at> entry=0x27c5bf0) at AsyncCallQueue.cc:56
#9  0x00000000006cc0c0 in AsyncCallQueue::fire (this=0x27c5bf0) at
AsyncCallQueue.cc:42
#10 0x000000000059872c in EventLoop::runOnce
(this=this <at> entry=0x7fffb403fbe0) at EventLoop.cc:120
#11 0x00000000005988d0 in EventLoop::run (this=0x7fffb403fbe0) at
EventLoop.cc:82
#12 0x00000000005fc468 in SquidMain (argc=<optimized out>, argv=<optimized
out>) at main.cc:1508
#13 0x00000000005154bb in SquidMainSafe (argv=<optimized out>,
argc=<optimized out>) at main.cc:1240
#14 main (argc=<optimized out>, argv=<optimized out>) at main.cc:1233
(gdb)

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/again-i-lost-my-cache-with-upgrading-for-3-5-2-tp4670035.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Mike Mitchell | 23 Feb 23:01 2015
Picon

request_body_max_size on transparent proxy


I'm trying to POST large files (>1MB) through a squid 3.5.2 proxy set up to intercept connections.

The client is including an 'Expect: 100-continue' header, and sends all headers in a single network packet.
POSTs of content smaller than 1MB go through, but larger POSTs do not.
The client's TCP connection is being reset without squid sending any sort of error page.
Nothing is logged in squid -- not in the access log, not in the cache log.  It's as if that request never happened.
The client just gets a closed connection.

I'm running with the default 'request_body_max_size', it is not specified in my configuration.
That should mean "unlimited" for the request body.

If I configure the client to explicitly use the same proxy on a different, non-transparent port, the large
POSTs go through correctly.  It is as if request_body_max_size does not function on a port marked 'transparent'.

Has anyone else seen this problem?
I've found one reference to it in my searches, http://nerdanswer.com/answer.php?q=336233

Mike Mitchell

_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Mike Mitchell | 23 Feb 22:48 2015
Picon

Building 3.5.1 without libcom_err?

Is there a way to build 3.5.1 without libcom_err?
On my old Redhat system (2.6.18-128.1.1.el5) I get compilation failures unless I remove all references to libcom_err.

Here's a snippet from the config log:

configure:24277: checking for krb5.h
configure:24277: result: yes
configure:24277: checking com_err.h usability
configure:24277: g++ -c -g -O2    conftest.cpp >&5
conftest.cpp:110:21: error: com_err.h: No such file or directory
configure:24277: $? = 1
configure: failed program was:
| /* confdefs.h */
...

configure:24330: checking for error_message in -lcom_err
configure:24355: g++ -o conftest -g -O2    -g conftest.cpp -lcom_err  -lrt -ldl -ldl   
-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lkrb5 -lk5crypto -lcom_err  >&5
/usr/bin/ld: skipping incompatible /usr/lib/libcom_err.so when searching for -lcom_err
/usr/bin/ld: skipping incompatible /usr/lib/libcom_err.a when searching for -lcom_err
/usr/bin/ld: cannot find -lcom_err
collect2: ld returned 1 exit status

Later when I try to build squid I get the same "incompatible /usr/lib/libcom_err.so" error message and the
build stops.

If I hand-edit the Makefiles in the various directories and remove "-lcom_err", the build succeeds and the
executables run properly.

I run configure with --with-krb5-config="no" --without-mit-krb5 --without-heimdal-krb5 --without-gnutls

But it still tries linking in the krb libraries and the com_err library.

Any suggestions?

Mike Mitchell
_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Alan Palmer | 23 Feb 20:49 2015
Picon

tlsv1 alert errors

So I got squid to intercept http and https traffic, but I get the 
following error on any https access

2015/02/23 12:50:15 kid1| clientNegotiateSSL: Error negotiating SSL 
connection o
n FD 28: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown 
ca (1/0
)

This of course leads to all kinds of site untrusted/compromised errors 
in client browsers.

 From looking in the archives this usually occurs because of a 
missing/outdated root CA file.
I have the following liness in squid.conf

https_port 127.0.0.1:3127 intercept ssl-bump \
   generate-host-certificates=on \
   dynamic_cert_mem_cache_size=16MB \
   cert=/etc/squid/ssl_cert/MyCA.pem\
   cafile=/etc/ssl/cert.pem # tried without the cafile cirective here as 
well

https_port [::1]:3127 intercept ssl-bump \
   generate-host-certificates=on \
   dynamic_cert_mem_cache_size=16MB \
   cert=/etc/squid/ssl_cert/MyCA.pem\
   cafile=/etc/ssl/cert.pem #tried without the cafile directive here as well

#
sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /data/squid/ssl_db 
-M 16MB
sslcrtd_children 10
always_direct allow all
sslproxy_cert_error allow all
ssl_bump server-first all
sslproxy_cafile /etc/ssl/cert.pem
#sslproxy_cert_error allow all
#sslproxy_flags DONT_VERIFY_PEER

The /etc/ssl/cert.pem file distributed with openbsd 5.6 has 44 root ca's 
listed (see below).

Is there anyway to get squid to tell me which CA is unknown? If so I can 
get that CA file and add it in.  Or is there a place to get a good 
rootca.pem file? Or is something else wrong?

Thanks muchly for helping the newbie.

Alan

the openbsd5.6 cert.pem contains the following issuers/certificates:
# grep Issuer /etc/ssl/cert.pem
         Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, 
Inc., CN=G
TE CyberTrust Global Root
         Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
         Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary 
Certification
Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, 
OU=VeriSig
n Trust Network
         Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
         Issuer: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
         Issuer: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
         Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting 
cc, OU=C
ertification Services Division, CN=Thawte Premium Server 
CA/emailAddress=premium
-server <at> thawte.com
         Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting 
cc, OU=C
ertification Services Division, CN=Thawte Server 
CA/emailAddress=server-certs <at> th
awte.com
         Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary 
Certification
Authority
         Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
OU=(c) 2006 V
eriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public 
Primary Cert
ification Authority - G5
         Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
OU=(c) 1999 V
eriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public 
Primary Cert
ification Authority - G3
         Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
OU=(c) 2007 V
eriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public 
Primary Cert
ification Authority - G4
         Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
OU=(c) 2008 V
eriSign, Inc. - For authorized use only, CN=VeriSign Universal Root 
Certificatio
n Authority
         Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, 
OU=(c) 1999 V
eriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public 
Primary Cert
ification Authority - G3
         Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate 
Signing, CN
=StartCom Certification Authority
         Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., 
OU=ValiCert Class 2 Policy Validation Authority, 
CN=http://www.valicert.com//emailAddress=info <at> valicert.com
         Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by 
ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net 
Secure Server Certification Authority
         Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert 
High Assurance EV Root CA
         Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert 
Assured ID Root CA
         Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert 
Global Root CA
         Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global 
eBusiness CA-1
         Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure 
eBusiness CA-1
         Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
         Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2
         Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Primary 
Certification Authority
         Issuer: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For 
authorized use only, CN=GeoTrust Primary Certification Authority - G3
         Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
         Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
         Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 
Certification Authority
         Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., 
CN=Go Daddy Root Certificate Authority - G2
         Issuer: C=US, O=Starfield Technologies, Inc., OU=Starfield 
Class 2 Certification Authority
         Issuer: C=US, ST=Arizona, L=Scottsdale, O=Starfield 
Technologies, Inc., CN=Starfield Root Certificate Authority - G2
         Issuer: C=US, ST=Arizona, L=Scottsdale, O=Starfield 
Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
         Issuer: C=IL, O=StartCom Ltd., CN=StartCom Certification 
Authority G2
         Issuer: C=US, O=thawte, Inc., OU=Certification Services 
Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte 
Primary Root CA
         Issuer: C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For 
authorized use only, CN=thawte Primary Root CA - G2
         Issuer: C=US, O=thawte, Inc., OU=Certification Services 
Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte 
Primary Root CA - G3
         Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, 
CN=AddTrust External CA Root
         Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA 
Limited, CN=AAA Certificate Services
         Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, 
OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
         Issuer: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore 
CyberTrust Root
         Issuer: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, 
CN=Deutsche Telekom Root CA 2
         Issuer: C=DE, O=T-Systems Enterprise Services GmbH, 
OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
         Issuer: C=DE, O=T-Systems Enterprise Services GmbH, 
OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3

_______________________________________________
squid-users mailing list
squid-users <at> lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Gmane