[squid-users] getting a CA to take PEM format csrs

From: Jonathan Giles <jong@dont-contact.us>
Date: Tue, 26 Aug 2003 17:24:16 -0400

hello:

I have a working config for an https accel setup, but I have hit a big
problem. I have looked over the lists and have not found how other
people deal with this.

I work with Thawte.com to get other certs for other https (apache)
servers, and they have told me they do not accept PEM anything. And I
understand that the csr must be in PEM for a CA to issue a PEM crt.
Thawte has told me it will be really hard to find a CA that accepts PEM.

How have other people here dealt with this?

Here attached is Thawte's response to my request.

"Hi Jonathan

The PEM format requirement is misleading, as the PEM format mentioned
actually refers to a standard DER format certificate, the guys developing
the Apache standards seem to have confused the file types. Therefore since
you are able to generate standard format CSRs, squid should also work with
standard format certificates, even though Apache and squid are not the same
they share the same openssl libraries.

What error message do you receive when you restart the daemon? Please send
us the error logs."

Of course my logs just say Bungled conf file at the config

Aug 25 17:22:29 owa squid: Bungled squid.conf line 62: https_port 443
cert=/etc/openssl/certs/owa.clinedavis.com.test.crt
key=/etc/openssl/private/owa.clinedavis.com.key

This is using the crt and key that was created using Thawte's
directions.

Any suggestions would be greatly appreciated!

jg

---=---=---
Jonathan Giles
Senior Unix Administrator
Cline Davis Mann

Received on Tue Aug 26 2003 - 15:24:13 MDT
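
An added illustration, not part of the original post and not Squid or Thawte code: PEM is a base64 armouring of the same DER bytes, so the encoding of a CSR or certificate file can be checked and converted losslessly in either direction. The function names are hypothetical, and `SAMPLE_DER` is a constructed ASN.1 structure, not a real CSR.

```python
import base64
import re

# A PEM block: BEGIN/END lines with a matching label around base64 text.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

# Constructed sample: SEQUENCE { OCTET STRING of 127 zero bytes }, 132 bytes.
SAMPLE_DER = b"\x30\x81\x81\x04\x7f" + bytes(127)

def detect_encoding(data):
    """Return 'PEM', 'DER' or 'unknown' for the raw bytes of a cert/CSR file."""
    if PEM_RE.search(data):
        return "PEM"
    # DER X.509 objects start with an ASN.1 SEQUENCE (tag 0x30) whose
    # declared length must account for exactly the rest of the file.
    if len(data) >= 2 and data[0] == 0x30:
        first = data[1]
        if first < 0x80:                      # short-form length
            header, length = 2, first
        else:                                 # long-form length
            n = first & 0x7F
            if n == 0 or len(data) < 2 + n:
                return "unknown"
            header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
        if header + length == len(data):
            return "DER"
    return "unknown"

def pem_to_der(data):
    """Return (label, der_bytes) for the first PEM block in data."""
    m = PEM_RE.search(data)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1).decode(), base64.b64decode(m.group(2))

def der_to_pem(der, label):
    """Wrap DER bytes in PEM armour with 64-character base64 lines."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    tag = label.encode()
    return b"\n".join(
        [b"-----BEGIN %s-----" % tag, *lines, b"-----END %s-----" % tag]) + b"\n"

if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER, "CERTIFICATE REQUEST")
    print(detect_encoding(SAMPLE_DER), detect_encoding(pem))
    print(pem.decode())
```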
