Re: [squid-users] clients -- SSL SQUID -- NON SSL webserver

From: Guido Marino Lorenzutti <glorenzutti_at_jusbaires.gov.ar>
Date: Tue, 23 Mar 2010 15:31:35 -0300

Amos Jeffries <squid3_at_treenet.co.nz> wrote:

> Luis Daniel Lucio Quiroz wrote:
>> On Monday 22 March 2010 21:47:05, Guido Marino Lorenzutti wrote:
>>> Hi people: I'm trying to give my clients access to my non ssl
>>> webservers through my reverse proxies adding ssl support on them.
>>>
>>> Like the subject tries to explain:
>>>
>>> WAN CLIENTS --- SSL SQUID (443) --- NON SSL webserver (80).
>>>
>>> This is the relevant part of the squid.conf:
>>>
>>> https_port 22.22.22.22:443 cert=/etc/squid/crazycert.domain.com.crt
>>> key=/etc/squid/crazycert.domain.com.key
>>> defaultsite=crazycert.domain.com vhost
>>> sslflags=VERIFY_CRL_ALL,VERIFY_CRL cafile=/etc/squid/ca.crt
>>> clientca=/etc/squid/ca.crt
>
> "cafile=" option overrides the "clientca=" option and contains a
> single CA to be checked.
>
> Set clientca= to the file containing the officially accepted global
> CA certificates. The type used for multiple certificates is a .PEM
> file if I understand it correctly.
>
> If you have issued the clients with certificates signed by your own
> custom CA, then add that to the list as well.
>
> I will assume that you know how to do that since you are requiring it.
>

Well, with your suggestion now I can connect. But it seems that
something is missing. I can connect with any browser, with or without
any cert installed on them.
Maybe the VERIFY_CRL_ALL,VERIFY_CRL doesn't work as I expected?

Any ideas?

Thanks in advance.
Received on Tue Mar 23 2010 - 18:31:51 MDT
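
A way to check from outside whether a TLS listener like the https_port above asks connecting clients for a certificate, as an added example that is not part of the original message. It parses the handshake summary printed by `openssl s_client`; the function names and the sample output are constructed for illustration, and `probe` assumes the openssl CLI is installed.

```shell
# Added example (not from the thread). Sample text below is constructed.

# probe HOST:PORT - handshake with no client certificate offered.
# Not called here, so the block runs offline.
probe() { openssl s_client -connect "$1" </dev/null 2>/dev/null; }

# client_ca_names - print the CA subjects the server listed in its
# CertificateRequest, one per line (empty if none were listed).
client_ca_names() {
  awk '
    /^Acceptable client certificate CA names/ { in_list = 1; next }
    in_list && (/^---/ || /^[A-Za-z ]+: /)    { in_list = 0 }
    in_list && NF                             { print }
  '
}

# classify_handshake - one-word verdict from s_client output on stdin.
# s_client prints "No client certificate CA names sent" both when no
# certificate was requested and when the request had an empty CA list.
# A listed CA shows the server requests a certificate, not that it
# rejects clients that send none.
classify_handshake() {
  case "$(cat)" in
    *"Acceptable client certificate CA names"*) echo client-cert-requested ;;
    *"No client certificate CA names sent"*)    echo no-client-ca-advertised ;;
    *)                                          echo unknown ;;
  esac
}

sample_requesting() {
cat <<'EOF'
CONNECTED(00000003)
---
Acceptable client certificate CA names
/C=AR/O=Example Org/CN=Example Client CA
/C=AR/O=Example Org/CN=Example Issuing CA
Client Certificate Types: RSA sign, ECDSA sign
---
EOF
}

sample_not_requesting() {
cat <<'EOF'
CONNECTED(00000003)
---
No client certificate CA names sent
---
EOF
}

sample_requesting | classify_handshake
sample_requesting | client_ca_names
sample_not_requesting | classify_handshake
```

Against a live listener the same functions are used as `probe host:443 | classify_handshake`.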
