[squid-users] Urgent: Squid as SSL-Gateway on Solaris8@x86

From: Pavic, Aleksander <Aleksander.Pavic@dont-contact.us>
Date: Tue, 3 Jun 2003 17:21:47 +0200

Hi Gurus,
the following is my problem:

Our internal web server (let's call it www.freedom.de) ONLY serves http, not https requests!
There is no way to change this because the server is part of an application.

Our customers need to connect over the Internet to this machine.

We want our customers to first connect to Squid with https because of sensitive data.
After that, Squid must connect to our internal server with only http!

We read that Squid 2.5 could do this.

For better understanding:

        Internal Webserver <-------------------< Our Squid <----------------------------< Customers from the internet
                                 This way http                        This way https

We need this only for one web server.

Netscape 7 on a Solaris8@sparc box is used for testing. I test the whole thing from an internal client.
Netscape is configured with: http proxy on port 80 and https proxy on port 443.

When I type "https://www.freedom.de" into my browser, it times out.
The following errors occur in cache.log:

2003/06/03 13:58:19| clientAccessCheck: proxy request denied in accel_only mode
2003/06/03 13:58:29| clientNegotiateSSL: Error negotiating SSL connection on FD 14: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
2003/06/03 13:58:29| clientNegotiateSSL: Error negotiating SSL connection on FD 14: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
2003/06/03 13:58:29| clientNegotiateSSL: Error negotiating SSL connection on FD 14: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
2003/06/03 13:58:29| clientNegotiateSSL: Error negotiating SSL connection on FD 14: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
2003/06/03 13:58:29| clientNegotiateSSL: Error negotiating SSL connection on FD 14: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
2003/06/03 13:58:29| clientNegotiateSSL: Error negotiating SSL connection on FD 14: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
2003/06/03 13:58:29| clientNegotiateSSL: Error negotiating SSL connection on FD 14: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
2003/06/03 13:58:29| clientNegotiateSSL: Error negotiating SSL connection on FD 14: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
2003/06/03 13:58:29| clientNegotiateSSL: Error negotiating SSL connection on FD 14: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
2003/06/03 13:58:29| clientNegotiateSSL: Error negotiating SSL connection on FD 14: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request

I set the following in squid.conf:

# accelerator ports: 80 for http, 443 for https with our key pair
http_port webgate.ssl:80
https_port webgate.ssl:443 cert=/etc/certs/sec_cert.pem key=/etc/certs/sec_key.pem
ssl_unclean_shutdown on
cache_store_log none
# open access, only because of testing
http_access allow all
visible_hostname webgate.ssl
# accelerator (reverse proxy) for the single internal origin, reached over plain http
httpd_accel_host www.freedom.de
httpd_accel_port 80
httpd_accel_single_host on

The SSL certificate and key are generated as follows:
openssl req -new -x509 -nodes -keyout sec_key.pem -out sec_cert.pem
The "common name" is set to "www.freedom.de".
The files are copied to "/etc/certs".
We use Squid 2.5 STABLE2,
configured and built with OpenSSL 0.9.6i using "--enable-ssl".
gcc is 3.2.2.

Additional Question:
Is it possible to run one "normal" Squid and one that is only used for this accelerator thing on one machine?
If I start one Squid and then the other, the second one tells me that there is already a Squid running.
But one Squid is in /usr/local/squid and the other in /usr/local/squid.ssl.
The cache_effective_user and group are set to different users and groups.
What can I do?
Just mixed mode?

Millions of thanks to all people who try to help me!!!

regards Aleks

Deutsche Telekom AG
Aleksander Pavic
Customer Care Office
Kundenniederlassung Recklinghausen / Essen
Am Fernmeldeamt 10
45145 Essen
Telefon: (0201) 817 - 92278
E-Mail: aleksander.pavic@telekom.de
Received on Tue Jun 03 2003 - 09:22:26 MDT

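Added example, not the poster's configuration and not from the Squid project: a Squid 2.5 accelerator setup for the scenario in the post, with the test-only `http_access allow all` replaced by an ACL that admits only requests for the accelerated site. The two cache.log messages in the post are what a browser with Squid entered as its http/https proxy produces: "proxy request denied in accel_only mode" is Squid refusing a proxy-style request on port 80, and OpenSSL's "https proxy request" error means the bytes that arrived on port 443 began with a plaintext CONNECT rather than a TLS ClientHello. In accelerator mode the customer opens https://www.freedom.de directly, so that name must resolve to the Squid box's external address and the browser must have no proxy configured. Hostnames and paths are taken from the post; the loopback http_port, the ACL names and the remaining settings are assumptions.

```conf
# Added example (not the poster's configuration): Squid 2.5 STABLE2 as an
# HTTPS-to-HTTP accelerator for a single origin. Names and paths follow the
# post; everything else is an assumption.

# Customers hit this port; Squid terminates TLS with the www.freedom.de key pair.
# Keep sec_key.pem readable by root only.
https_port 443 cert=/etc/certs/sec_cert.pem key=/etc/certs/sec_key.pem

# Squid 2.5 opens an http_port in any case (3128 if none is given). Bind it
# to the loopback address so only port 443 is reachable from the Internet.
http_port 127.0.0.1:3128

# Accelerator mode: every request is forwarded to this one origin over plain
# HTTP. The origin is fixed, so the client's Host header must not select it,
# and Squid must not act as a forward proxy at the same time.
httpd_accel_host www.freedom.de
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_uses_host_header off
httpd_accel_with_proxy off

# Instead of the test-only "http_access allow all": admit only requests for
# the accelerated site and deny everything else, so the gateway cannot be
# turned into an open proxy.
acl all src 0.0.0.0/0.0.0.0
acl freedom dstdomain www.freedom.de
http_access allow freedom
http_access deny all

visible_hostname webgate.ssl
cache_store_log none
```

Two caveats for production use. The certificate from `openssl req -x509` is self-signed, so every customer browser will warn about it; a customer-facing gateway needs a certificate issued by a CA the customers' browsers already trust, with www.freedom.de as the common name. And TLS ends at Squid: the hop from Squid to the internal web server is plaintext HTTP, so the two machines should share a network segment that customers cannot observe.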