I am kinda new to squid. Been looking over the documentation and I just wanted a sanity check on what I am trying to do.
I have a web client that hits my squid server. The squid connects to an apache server via ssl.
Here are the lines of interest from my squid.conf for version 3.1.8:
http_port 80 accel defaultsite=123.123.123.123
cache_peer 123.123.123.123 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=apache1
The good news is, that works just as I hoped. I get a connection.
But I am questioning the DONT_VERIFY_PEER. Don't I want to verify peer?
I simply hacked up a self signed cert on the apache server. Installed mod_ssl and restarted apache and everything started to work on 443.
On the command line for the squid server I can curl the apache box with:
curl --cacert _the_signed_cert_from_the_apache_node_ https://apache.server
Is there a way with sslcert and sslkey to set up a keypair that will verify? Do I need a signed cert?
I tried to add the cert and key to the cache_peer line in the config. Squid did restart. But no connection. Why would curl work but not squid?
--
-Dean
Received on Fri Apr 27 2012 - 22:37:22 MDT
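
The cache_peer line from the post beside a variant that verifies the peer, as an added example that is not part of the original message. The certificate path is an assumed value, and apache.server is the name used in the curl command above.

```conf
# Before (from the post): TLS to the origin, but the peer certificate is never checked,
# so any server answering on 123.123.123.123:443 is accepted.
cache_peer 123.123.123.123 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=apache1

# After: verify the peer against the Apache server's self-signed certificate.
#   sslcafile=  file of CA certificates to trust when verifying the peer,
#               the counterpart of curl --cacert
#   ssldomain=  name expected in the peer certificate; needed here because the
#               peer is addressed by IP rather than by the certificate's name
#   sslcert= / sslkey=  are the CLIENT certificate and key Squid presents to the
#               peer; they play no part in verifying the server's certificate
# /etc/squid/apache1.pem is an assumed path holding a copy of the Apache certificate.
cache_peer 123.123.123.123 parent 443 0 no-query originserver ssl sslcafile=/etc/squid/apache1.pem ssldomain=apache.server name=apache1
```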