Re: [squid-users] Configuring cache_peer to use ssl

From: Chris Robertson <>
Date: Tue, 15 Apr 2008 13:48:33 -0800

Janis wrote:
> Quoting Chris Robertson <>:
>> So the child Squid is trying to negotiate an SSL connection with a port
>> on the Parent that's not set up to accept it. See
>> for
>> the proper directive to terminate an SSL connection.
> so, on the parent should be the line(s?):
> http_port IP:PORT1
> for non-ssl connections and
> https_port IP:PORT2 cert=self_s_cert.pem key=key.pem
> for ssl connections

That looks reasonable to me.

> and on secondary proxy - as was written before?

Just be sure on the secondary proxy to set the cache_peer line to use
PORT2 on the peer if you want to use SSL connections. Also be aware
that if you try to use two ports on the same peer, you are going to have
to use the "name" directive on each cache_peer line like...

cache_peer parent 3128 3130 proxy-only name=port-3128
cache_peer parent 3129 3130 proxy-only ssl
sslcert=[blah, blah] name=port-3129

> Janis

Received on Tue Apr 22 2008 - 14:15:32 MDT

This archive was generated by hypermail 2.2.0 : Thu May 01 2008 - 12:00:04 MDT