fre 2006-11-03 klockan 14:48 +0100 skrev nick humphrey:
> but as soon as i removed "sslflags=DONT_VERIFY_PEER" in the cache_peer
> line i was not able to connect to wl81machine from the internet, and
> the terminal window on wl81machine spat out stuff like this:
OpenSSL on your Squid did not know/trust the CA who have signed the key
of the web server. The list of trusted CA:s can be definied in many
ways, i.e. cafile= or capath=, or even OpenSSL builtin default
locations.
cafile want's a file containing the public certificates of the trusted
CA's. in PEM format.
capath wants an OpenSSL hashed directory of CA certificates.
> it also works just fine with and without originserver in the
> cache_peer line...wierd...it seems to make no difference.
The originserver options is a bit subtle. Most servers work kind of
acceptable without it, but not all. Also some protocol features like
persistent connections or authentication require it to be set properly.
> one question i still have though is, when something does go wrong, the
> error page shows the ip address to the internal machine. i don't want
> that. is that an error page template i need to edit to remove that?
Yes, it's in the error directory.
> how would i get it to display the external domain name instead (if
> possible)?
The available template codes can be found in the FAQ section on writing
custom error messages.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:02 MST