Hi Amos
Thanks for your reply
I have made reverse proxy setup as follows,
Client(https)-------(https)squid1(https))----(https)Originserver(8443)
I have made squid conf as follows and setup works fine
https_port 443 accel cert=/usr/local/myCA/certs/server.crt
key=/usr/local/myCA/private/server.key
cache_peer originserver parent 8443 0 originserver ssl no-digest
sslcafile=/usr/local/myCA/certs/myca.crt no-digest
Whether i need to specify ssl certificates/key in the cache_peer using
sslcert and sslkey for the connections between squid and origin server
to be in https?
or just the CA certificate of the apache is enough.?
Thanks,
Anandha V
On Fri, Nov 11, 2011 at 5:59 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 10/11/2011 6:00 p.m., Anandha V wrote:
>>
>> Hello all,
>>
>> In the squid i can find the following tags under SSL,
>> sslproxy_client_certificate, sslproxy_client_key, sslproxy_cafile
>>
>> In the reverse proxy configuration can we assign certificates using
>> above tags instead of using the following in sslcert, sslkey,
>> sslcafile, in cache_peer configuration.
>
> The global sslproxy_* directives control what Squid uses on DIRECT traffic
> when it needs to handle all the SSL/TLS details of a https:// URL.
>
> cache_peer contains settings for a specific hard-coded link between this
> Squid and another software which can handle HTTP (proxy or origin server).
> SSL/TLS are some which can be set when that link needs to be encrypted.
>
> There is also a third location where SSL certs etc are setup. On http_port
> when Squid is the receiving end of SSL/TLS connections.
>
> Amos
>
>
Received on Fri Nov 11 2011 - 01:54:36 MST
This archive was generated by hypermail 2.2.0 : Fri Nov 11 2011 - 12:00:02 MST