Re: [squid-users] Question Regarding Squid Parent SSL

From: Chris Robertson <crobertson@dont-contact.us>
Date: Tue, 10 Jul 2007 13:35:34 -0800

Christian Keil wrote:
> Hello,
>
> I was trying to get my Local Lan Squid Proxy to connect through SSL to
> my dedicated Server on the internet.
>
> I have set it up as parent proxy in my squid.conf on my lan by adding :
>
> cache_peer externalserverip parent 8080 3130 default ssl
> sslcert=/etc/ssl/squid.crt sslkey=/etc/ssl/squid.key sslversion=1
> I created the squid.crt & squid.key by myself.
>
> on the external machine I have added:
>
> https_port 8080 cert=/etc/ssl/squid.pem version=1
>
> I have double checked that the squid user is able to read
> squid.crt/squid.key & squid.pem
>
> My logfiles show the following:
SNIP
> The Browser shows the following error :
>
> While trying to retrieve the URL: http://www.google.de/
>
> The following error was encountered:
> Connection to parentproxyip Failed
>
> The system returned: (71) Protocol error
>
SNIP
>
> Thanks for any help.
>
> Kind Regards
>
> Christian Keil

I imagine you are using a self-signed certificate. If so, try

cache_peer externalserverip parent 8080 3130 default ssl
sslcert=/etc/ssl/squid.crt sslkey=/etc/ssl/squid.key
sslcafile=/etc/ssl/squid.pem sslversion=1

or (the less secure option)

cache_peer externalserverip parent 8080 3130 default ssl
sslflags=DONT_VERIFY_PEER

See http://www.squid-cache.org/mail-archive/squid-users/200706/0136.html

Feel free to dump the "(ssl)version=1", but make sure you do so on both
the parent and child.

Chris
Received on Tue Jul 10 2007 - 15:35:52 MDT
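
The two cache_peer variants in the reply above differ in whether the child verifies the parent's certificate. The following is an added example, not part of the original message or of Squid itself: a small audit script that reads squid.conf text and reports, for each cache_peer using ssl, whether verification is disabled, pinned to a CA file, or left to the default CA store. The sample config, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
# Constructed sample squid.conf fragment (192.0.2.x are placeholder addresses).
SAMPLE_CONF = """\
# child proxy -> parent peers
cache_peer 192.0.2.10 parent 8080 3130 default ssl sslcert=/etc/ssl/squid.crt sslkey=/etc/ssl/squid.key sslcafile=/etc/ssl/squid.pem
cache_peer 192.0.2.11 parent 8080 3130 default ssl sslflags=DONT_VERIFY_PEER
cache_peer 192.0.2.12 parent 8080 3130 default ssl sslcert=/etc/ssl/squid.crt sslkey=/etc/ssl/squid.key
cache_peer 192.0.2.13 parent 3128 3130 default
"""


def parse_peer(line):
    """Split one cache_peer line into (host, bare flags, key=value options)."""
    fields = line.split()
    # Layout: cache_peer <host> <type> <http-port> <icp-port> [options...]
    if len(fields) < 5 or fields[0] != "cache_peer":
        return None
    flags, opts = set(), {}
    for item in fields[5:]:
        key, sep, value = item.partition("=")
        if sep:
            opts[key] = value
        else:
            flags.add(key)
    return fields[1], flags, opts


def audit_cache_peers(conf_text):
    """Return (line_no, host, verdict) for every cache_peer that uses ssl."""
    results = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        peer = parse_peer(line)
        if peer is None or "ssl" not in peer[1]:
            continue  # not a cache_peer line, or a plain HTTP peer
        host, _, opts = peer
        # Assumption: several sslflags values are separated by ',' or ':'.
        sslflags = set(opts.get("sslflags", "").replace(":", ",").split(","))
        if "DONT_VERIFY_PEER" in sslflags:
            verdict = "FAIL: parent certificate is not verified"
        elif "sslcafile" in opts or "sslcapath" in opts:
            verdict = "OK: parent verified against " + (opts.get("sslcafile") or opts["sslcapath"])
        else:
            verdict = "WARN: no sslcafile/sslcapath, a self-signed parent will not verify"
        results.append((line_no, host, verdict))
    return results


if __name__ == "__main__":
    for line_no, host, verdict in audit_cache_peers(SAMPLE_CONF):
        print(f"line {line_no}: {host}: {verdict}")
```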