Ok we got it working on our own... sorta. We had to drop ssl between the web server and squid and just do it client to squid. Did this by setting the cache_peer to proxy-only and removing the ssl.
cache_peer <ip> parent <port> 0 no-query proxy-only originserver login=PASS
Now last question: How to create a .key file so we can set squid to start on the https_port line so I can set it to autorun in the init?
-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Saturday, June 09, 2007 2:39 AM
To: Jason Hitt
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Cert issue on reserve proxy
Sat 2007-06-09 at 09:30 +0200, Henrik Nordstrom wrote:
> Thu 2007-06-07 at 10:09 -0500, Jason Hitt wrote:
> > 2007/06/07 09:07:02| fwdNegotiateSSL: Error negotiating SSL
> > connection on FD 15: error:00000000:lib(0):func(0):reason(0) (5/0/0)
> > 2007/06/07 09:07:02| TCP connection to <web server ip>/443 failed
>
> The only situation I have seen this error is when the web server
> closes the connection without any notice on why. Any clues in the web
> server error logs?
>
> Does it work if you try using for example my web site as the origin?
>
> cache_peer www.henriknordstrom.net parent 443 0 no-query originserver
> ssl cafile=/path/to/www.henriknordstrom.net.pem
Correction: I meant sslcafile= not cafile=...
>
> The www.henriknordstrom.net.pem certificate is found at
> http://www.henriknordstrom.net/www.henriknordstrom.net.pem or
> alternatively by using "openssl s_client -showcerts -connect
> www.henriknordstrom.net:443". It's a simple self-signed certificate.
>
> Regards
> Henrik
Received on Tue Jun 12 2007 - 16:46:25 MDT
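
On the closing question about a .key file for the https_port line, the following is an added example, not part of the original messages and not Squid project code. It generates a passphrase-less key with a self-signed certificate so Squid can start from init without prompting, then checks that the key is unencrypted and matches the certificate. The file names, the CN, the directory and port 443 are assumptions.

```shell
#!/bin/sh
# Added example. proxy.key/proxy.crt, the CN and port 443 are assumed
# names and values, not taken from the thread.

# make_proxy_key DIR CN: write DIR/proxy.key (no passphrase) and DIR/proxy.crt.
make_proxy_key() {
    dir=$1; cn=$2
    # Subshell keeps the restrictive umask local; the key is never group/world readable.
    ( umask 077 && openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$dir/proxy.key" -out "$dir/proxy.crt" \
        -days 365 -subj "/CN=$cn" 2>/dev/null ) || return 1
    chmod 600 "$dir/proxy.key"
    chmod 644 "$dir/proxy.crt"
}

# key_is_unencrypted FILE: succeeds if the PEM key carries no passphrase.
# Covers both "BEGIN ENCRYPTED PRIVATE KEY" and "Proc-Type: 4,ENCRYPTED".
key_is_unencrypted() {
    ! grep -q 'ENCRYPTED' "$1"
}

# key_matches_cert KEY CERT: succeeds if both yield the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# squid_https_port_line DIR: print the matching squid.conf directive.
# Any other https_port options already in use stay as they are.
squid_https_port_line() {
    echo "https_port 443 cert=$1/proxy.crt key=$1/proxy.key"
}

# Stand-alone use: sh make-key.sh /etc/squid/ssl proxy.example.test
if [ $# -eq 2 ]; then
    make_proxy_key "$1" "$2" &&
    key_is_unencrypted "$1/proxy.key" &&
    key_matches_cert "$1/proxy.key" "$1/proxy.crt" &&
    squid_https_port_line "$1"
fi
```

Because the key has no passphrase, its file permissions are the only protection: keep it readable solely by the account Squid starts as.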