[squid-users] Does Squid support two intermediate certificates from different root CAs (same CSR) for sslbump?

Dieter Bloms squid.org at bloms.de
Fri Dec 5 14:50:32 UTC 2025

Previous message (by thread): [squid-users] MFA with squid, is it possible?
Next message (by thread): [squid-users] Does Squid support two intermediate certificates from different root CAs (same CSR) for sslbump?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

We have been using Squid with SSLBump for years.
The RootCA will expire next year, which is why we have already created a
new RootCA. Since there are still many proprietary clients that do not yet
have the new RootCA, I have two intermediate certificates (one from the
old and one from the new RootCA) issued for the intermediate certificate using
the very same CSR.

Now I have copied these two certificates together with the private key
into a PEM file (first the certificates, then the key), but only the
first certificate is ever delivered.

Is there a way to have the second certificate delivered as well, so that
clients with the old RootCA and clients with the new RootCA can verify
the certificates issued by Squid?

Or is there a better solution in general if the certificates issued by
Squid are to be temporarily validated by two RootCAs?

-- 
Regards

  Dieter Bloms

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

Previous message (by thread): [squid-users] MFA with squid, is it possible?
Next message (by thread): [squid-users] Does Squid support two intermediate certificates from different root CAs (same CSR) for sslbump?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the squid-users mailing list