Re: [squid-users] HTTPS Reverse Proxy

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Fri, 21 Sep 2007 15:23:31 +0200

On fre, 2007-09-21 at 12:31 +0100, Gordon McKee wrote:

> here are the squid.conf lines
> https_port 82.36.186.17:443 cert=/usr/local/etc/squid/sslcert/opl20070919.pem cafile=/usr/local/etc/squid/sslcert/opl-all.pem name=opls defaultsite=www.optimalprofit.com
>
> cache_peer 192.168.0.11 parent 443 0 no-query originserver login=PASS name=opls ssl sslcert=/usr/local/etc/squid/sslcert/opl20070919.pem
> cache_peer_domain opls www.optimalprofit.com

> 2007/09/21 12:24:41| fwdNegotiateSSL: Error negotiating SSL connection on FD 19: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
> 2007/09/21 12:24:41| TCP connection to 192.168.0.11/443 failed
>

You need to move cafile from https_port to cache_peer. It's the peer's
certificate which is rejected.

It's not needed in https_port.

Regards
Henrik

Received on Fri Sep 21 2007 - 07:23:36 MDT
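
Added example, not part of the original message: the posted configuration with the CA bundle moved onto the peer line, as the reply advises. It assumes the cache_peer spelling of the option is sslcafile= (per Squid's cache_peer documentation) and that the origin's certificate is issued for www.optimalprofit.com, which is why ssldomain= is set for a peer addressed by IP.

```conf
# Before (as posted): cafile= sat on https_port. There it only supplies CAs
# for verifying client certificates presented to Squid; it plays no part in
# verifying the origin server, so the peer handshake ended in
# "certificate verify failed".
#
# After: the CA bundle is attached to the outgoing (peer) TLS connection.
# Each directive must stay on a single line in squid.conf.

https_port 82.36.186.17:443 cert=/usr/local/etc/squid/sslcert/opl20070919.pem name=opls defaultsite=www.optimalprofit.com

# sslcafile=  CA bundle used to verify the certificate presented by 192.168.0.11
# ssldomain=  name expected in that certificate (assumption: the origin's
#             certificate names www.optimalprofit.com, not the IP address)
# sslcert=    kept from the original; on cache_peer this is the client
#             certificate Squid presents to the peer
cache_peer 192.168.0.11 parent 443 0 no-query originserver login=PASS name=opls ssl sslcert=/usr/local/etc/squid/sslcert/opl20070919.pem sslcafile=/usr/local/etc/squid/sslcert/opl-all.pem ssldomain=www.optimalprofit.com
cache_peer_domain opls www.optimalprofit.com

# Silencing the error with sslflags=DONT_VERIFY_PEER instead would leave the
# proxy-to-origin hop unauthenticated; supplying the correct CA keeps the
# verification in place.
```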
