Re: ssl branch compile problems

Yes.. found that out today....For one user it works now,

Todo for me: I ment for myself. But thanks for the input anyway.

As you stated: a key is for a certain host/domain name:

Q: What if I want to accelerate multiple hosts?

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Henk-Jan Kloosterman" <proxy@kloosterman.org>
Cc: <squid-dev@squid-cache.org>
Sent: Sunday, February 11, 2001 8:39 PM
Subject: Re: ssl branch compile problems

> How to create a self-signed certificate:
>
> openssl req -new -nodes -x509 -out filename.pem -keyout filename.pem
>
> Make sure that the "CN/Common Name" is set to your official server name.
>
> Or reuse the certificate you have for your Apache server. A SSL
> certificate is for a certain host/domainname, not a specific service on
> that host.
>
>
> I will look into cleaning up the accelerator options. Noticed some
> inconsistencies in how the SSL patch handled Host headers and port
> numbers and protocol names..
>
> --
> Henrik Nordstrom
>
>
> Henk-Jan Kloosterman wrote:
> >
> > OK Got it working (forced the /etc/httpd/conf/key* directories to be
owned
> > by the squid users)
> >
> > To do for me:
> > Prevent apache from using the https port (got squid-ssl on port 80 now)
> > Find out ho to make my own certifcates owned by squid.
> >
Received on Sun Feb 11 2001 - 15:04:55 MST