justin@tryllian.com wrote:
> If I try to get these sertificates to work with Squid 2.5 (https_port 443
> cert=/usr/local/squid/etc/server.pem) and put all 3 certificates + the
> private key in 1 pem file... the CA is not recognized by my browser.. in
> the certificate hierarchy there is no mention of any CA, only my key is
> shown..
You might want to try the SSL update available from
http://devel.squid-cache.org/ssl/, it includes support for SSL
certificate chains.
If you do not feel like using the whole SSL update then just the
following change in ssl_support.c should do the trick:
From:
if (!SSL_CTX_use_certificate_file(sslContext, certfile,
SSL_FILETYPE_PEM)) {
To:
if (!SSL_CTX_use_certificate_chain_file(sslContext, certfile)) {
Regards
Henrik
Received on Tue Dec 31 2002 - 06:12:12 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:16 MST