RE: [squid-users] Reverse Proxy and Externally Generated Wildcard SSL Certificates

From: Dean Weimer <dweimer_at_orscheln.com>
Date: Mon, 14 Feb 2011 08:52:29 -0600

> -----Original Message-----
> From: John Gardner [mailto:John.Gardner_at_southtyneside.gov.uk]
> Sent: Monday, February 14, 2011 8:25 AM
> To: Dean Weimer; squid-users_at_squid-cache.org
> Subject: RE: [squid-users] Reverse Proxy and Externally Generated Wildcard
> SSL Certificates
>
> >John,
> > I believe what you need to do is export the Certificates from the IIS
> >servers, they will be saved in a .pfx file, which is the PKCS12 format.
> >OpenSSL can convert these into the PEM format that squid supports, these
> >commands will give you the desired output.
> >
> >Exports the Certificate:
> >openssl pkcs12 -in server.pfx -out server.crt -nodes -nokeys -clcerts
> >
> >Exports the Private Key (Note will not be encrypted, store in safe place):
> >openssl pkcs12 -in server.pfx -out server.key -nodes -nocerts -clcerts
> >
> >The openssl man page and the pkcs12 man page will have more information
> >about these options if you need them.
>
> Dean
>
> Thanks for the help, but I've just found out that the CSR (and therefore
> private key) were all generated from a Juniper VPN Appliance and so now all
> bets are off :-/
>
> Cheers
>

They may already be stored in PEM format then; the JUNOS that runs on
most Juniper devices was originally derived from FreeBSD and as such its
SSL implementation is likely based on OpenSSL (of course that's just a
guess). I haven't worked on any Juniper devices myself, so I am of no
help in figuring out how to export them.

If they were generated on the Juniper VPN appliance, is that device
already doing HTTPS offloading for you? You might not get the desired
benefit moving that to a Squid proxy server if it is, perhaps just
placing the proxy between the VPN appliance and the backend web server
to utilize the cache would give you the desired outcome without needing
to move the SSL.

Thanks,
     Dean Weimer
     Network Administrator
     Orscheln Management Co
Received on Mon Feb 14 2011 - 14:53:49 MST
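
The PKCS12-to-PEM conversion discussed in this thread, as an added example that is not part of the original messages: it wraps the same openssl pkcs12 options, keeps the unencrypted key owner-only, and checks that the exported certificate and key belong together. The function names, the PFX_PASS variable and the throwaway sample .pfx are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and PFX_PASS are assumptions.

# Convert a PKCS#12 export into PEM certificate and key files with the thread's
# openssl options. The import password comes from the PFX_PASS environment
# variable so it does not appear on the command line.
pfx_to_pem() {
    pfx=$1; crt=$2; key=$3
    (
        umask 077   # -nodes writes the key unencrypted: owner-only from creation
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -out "$crt" -nodes -nokeys -clcerts &&
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -out "$key" -nodes -nocerts -clcerts
    ) 2>/dev/null || return 1
    chmod 600 "$key"   # also covers a pre-existing file with looser permissions
}

# Succeeds only when the certificate and the private key carry the same public
# key, i.e. the two files really are a pair.
pem_pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample input: a one-day self-signed wildcard certificate packed
# into a password-protected .pfx, standing in for the real export.
make_sample_pfx() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.example.test" \
        -keyout "$dir/src.key" -out "$dir/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/src.key" -in "$dir/src.crt" \
        -passout env:PFX_PASS -out "$dir/server.pfx" 2>/dev/null
}

# Demo run on the constructed sample.
work=$(mktemp -d) && export PFX_PASS='constructed-demo-pass'
make_sample_pfx "$work" &&
    pfx_to_pem "$work/server.pfx" "$work/server.crt" "$work/server.key" &&
    pem_pair_matches "$work/server.crt" "$work/server.key" &&
    echo "certificate and key match"
rm -rf "$work"
```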
