[squid-users] HTTPS Proxy

[John Brayton]

I am setting up a Squid proxy server. It needs to be available on a
public IP address, so I need traffic between the client and the proxy
to be secure. I have a wildcard SSL certificate from a certificate
authority (Namecheap). I have these files:

- A key file with an RSA key
- A certificate file
- A certificate chain file, with the signing certificates from Namecheap
- A combined file that includes both the certificate file and the
certificate chain file.

All these files are in PEM format. I am trying to work out how to
configure squid to use these files as expected. As it stands, I have:

https_port 8888 tls-cert=/etc/squid/combined.pem tls-key=/etc/squid/key.pem
When using a curl client, I issue this:

curl -i -x https://[proxyhost]:8888 [website_url]

I get this response:

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I get the same error regardless of whether website_url is an HTTP URL
or an HTTPS URL, so I assume the issue is not the website.

How do I make the squid server trusted by clients?

John