[squid-users] Re: SQUID 2.5/2.6 & Openssl

Normally you should be using a real SSL certificate, not a dummy
self-signed one.

Many SSL Certificate Authorities have instructions on how to request
a certificate from them using OpenSSL tools, and often including how
to generate a temporary self-signed certificate for use while waiting
for the real issued certificate.

Note: There is no Squid specific OpenSSL options required for
generating a self-signed certificate for use by Squid. The procedure
is the same for all OpenSSL based servers.

But I probably agree that there may be a need of a SSL section in the
Squid FAQ, covering some of the basics of SSL and OpenSSL.. Any
volunteer for writing such a section (or a FAQ maintainer in
general)?

Regards
Henrik

On Sunday 12 May 2002 13:25, Horst Venzke wrote:
> Hello Hendick
>
> sorry for the above but i mean that i am have to quote an old mesg
> on the squid-dev directly tio you.
>
> --------------------------------cut here-------------
> From: Henrik Nordstrom (hno@hem.passagen.se)
> Date: Thu Apr 26 2001 - 12:02:27 MDT
>
>
> You cannot use a password encrypted key with Squid...
>
> well, it might work if you start Squid with the -N option, but
> using unencrypted keys is the usual way of doing things on SSL
> servers, or else someone must walk to the keyboard and enter the
> SSL key password each time the server restarts...
>
> When generating a simple self-signed certificate I usually use
> openssl req -new -keyout server_key.pem -nodes -x509 -days 365 -out
> server_cert.pem
>
> ------------------------------
>
> Please be so kind and add this comment as part of the squid v2.5/v
> 2.6 FAQ or / and to the SSL Section at the squid.conf
>
> This will help many users to KNOW witch Openssl options are
> required to generate the squid-cert keys.
> Openssl has too many switches and for "outside squid" users your
> comment will defintly help !
>
> Now here squid with ssl support works.
>
> Kind Regards
Received on Sun May 12 2002 - 16:04:36 MDT