[squid-users] SSL Reverse Proxy testing With Invalid Certificate, can it be done.

From: Dean Weimer <dweimer_at_orscheln.com>
Date: Fri, 25 Sep 2009 10:57:25 -0500

I am trying to setup a test with an SSL reverse proxy on an intranet site, I currently have a fake self signed certificate and the server is answering on the HTTP side just fine, and answering on the HTTPS however I get a (92) protocol error returned from the proxy when trying to access it through HTTPS.

I have added the following lines for the HTTPS option

https_port 443 accel cert=/usr/local/squid/etc/certs/server.crt key=/usr/local/squid/etc/certs/server.key defaultsite=mysite vhost

cache_peer 10.20.10.76 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER,DONT_VERIFY_DOMAIN name=secure_mysite

From the log I can see the error is caused by the invalid certificate.

2009/09/25 11:38:07| SSL unknown certificate error 18 in...
2009/09/25 11:38:07| fwdNegotiateSSL: Error negotiating SSL connection on FD 15: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)

Is there a way that I can tell it to go ahead and trust this fake certificate during testing while I wait for the actual certificate that is valid, to be issued.

Thanks,
     Dean Weimer
     Network Administrator
     Orscheln Management Co
Received on Fri Sep 25 2009 - 15:57:33 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 29 2009 - 12:00:03 MDT