RE: [squid-users] Default ssl config?

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Wed, 06 Jun 2007 23:55:11 +0200

Wed 2007-06-06 at 11:14 -0500, Jason Hitt wrote:
> Thinking maybe I hosted up my squid.conf and want a config that should
> work for reverse proxy using ssl.

https_port public.ip:443 cert=/path/cert.pem defaultsite=your.public.website.name

cache_peer ip.of.websever parent 443 0 no-query originserver ssl

If the peer is using a self-signed certificate or one issued by a CA not
in your default list of trusted CAs then you also need the sslcafile=
option or sslflags=DONT_VERIFY_PEER (sslflags not recommended, opens for
a man-in-the-middle attack on the encryption). For a self-signed
certificate use the server certificate as a CA, for an otherwise
untrusted CA use the CA root certificate.

If your Squid has digest or icmp support enabled then you also want the
no-digest and no-netdb-exchange options. Will work fine without them,
but you might be a little annoyed by automated HTTP requests from
Squid.

Regards
Henrik

Received on Wed Jun 06 2007 - 15:55:16 MDT
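
Added example (not part of the original message, and not Squid project code): a shell check that a candidate CA file really validates the origin server's certificate before it is named in sslcafile=, which is the alternative to DONT_VERIFY_PEER described above. The function names, file names, common names and the 192.0.2.10 peer address are constructed for illustration; it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Constructed sample: throwaway self-signed certificates stand in for the
# origin server's real certificate so the check can be run offline.

# Create a one-day self-signed certificate. $1 = output prefix, $2 = CN.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Return 0 only if the certificate in $2 verifies against the CA file $1
# (openssl also consults its default trust store, as Squid does).
ca_validates() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the cache_peer line from the message with sslcafile= filled in,
# or refuse when the CA file does not validate the peer certificate.
# $1 = peer address, $2 = CA file, $3 = peer certificate
peer_line() {
    if ca_validates "$2" "$3"; then
        echo "cache_peer $1 parent 443 0 no-query originserver ssl sslcafile=$2"
    else
        echo "refusing: $2 does not validate $3" >&2
        return 1
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir/origin" origin.example   # the peer's certificate
    make_selfsigned "$dir/other" other.example     # an unrelated certificate
    # Self-signed peer: its own certificate acts as the CA, so this passes.
    peer_line 192.0.2.10 "$dir/origin.pem" "$dir/origin.pem"
    # Wrong CA file: verification fails, so no config line is produced.
    peer_line 192.0.2.10 "$dir/other.pem" "$dir/origin.pem" || true
    rm -rf "$dir"
}

demo
```

In practice the peer certificate would be the PEM file exported from the origin server rather than one generated here.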