[squid-users] Dynamic Certs Squid 3.3

From: Jesse Smith <jessesmith_at_affinitygs.com>
Date: Tue, 16 Oct 2012 12:04:25 -0500

I am having a problem where, when visiting a secure URL, the browser
just hangs when using Squid. There is nothing in the logs that indicates
why. The configuration is set up to use dynamic ssl certs.

Can anyone see anything wrong with the configuration below, or why this
may be occurring? It seems as if it cannot resolve the URL, though it
works fine with a general ssl-bump configuration. Thanks in advance.

My configuration is below:
=======================================================================
sslproxy_cert_error allow all
ssl_bump server-first
sslproxy_flags DONT_VERIFY_PEER

sslcrtd_program /usr/local/squid3/libexec/ssl_crtd -s /usr/local/squid3/var/lib/ssl_db -M 4MB
sslcrtd_children 5

#http_port 10.1.10.136:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/certs/star_primepublicsafety_com.crt key=/usr/local/squid/certs/star_primepublicsafety_com.cer
https_port 10.1.10.136:443 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/certs/star_primepublicsafety_com.crt key=/usr/local/squid/certs/star_primepublicsafety_com.cer

cache_peer 127.0.0.1 parent 443 0 no-query ssl sslflags=DONT_VERIFY_PEER originserver name=prod
cache_peer 127.0.0.1 parent 8447 0 no-query ssl sslflags=DONT_VERIFY_PEER originserver name=test

acl USallow src "/etc/httpd/uszone/us.zone"
acl localallow src "/etc/httpd/uszone/local.zone"

acl sites_prod dstdomain ks.ibarsbudget.com
http_access allow sites_prod
cache_peer_access prod allow sites_prod
cache_peer_access prod deny all

acl sites_test dstdomain kstest.ibarsbudget.com
http_access allow sites_test
cache_peer_access test allow sites_test
cache_peer_access test deny all

http_access allow localallow
http_access allow USallow
http_access deny all
Received on Tue Oct 16 2012 - 17:04:37 MDT
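An added example, not from the poster or the Squid project: a stdlib-only Python audit that reads a squid.conf fragment (a constructed sample modelled on the configuration above, with the mail-wrapped directives joined onto single lines as squid.conf requires) and flags the settings that silence upstream certificate verification, plus two sanity checks on the bumping port. The `.key`/`.pem` extension check is a reviewer heuristic, not a Squid rule.

```python
from typing import List, Tuple

# Constructed sample modelled on the posted configuration (one directive per line).
SAMPLE_CONF = """\
sslproxy_cert_error allow all
ssl_bump server-first
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/local/squid3/libexec/ssl_crtd -s /usr/local/squid3/var/lib/ssl_db -M 4MB
sslcrtd_children 5
https_port 10.1.10.136:443 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/certs/star_primepublicsafety_com.crt key=/usr/local/squid/certs/star_primepublicsafety_com.cer
cache_peer 127.0.0.1 parent 443 0 no-query ssl sslflags=DONT_VERIFY_PEER originserver name=prod
http_access deny all
"""


def parse(conf: str) -> List[Tuple[str, List[str]]]:
    """Return (directive, args) for every non-empty, non-comment line."""
    out = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, including commented-out ports
        if line:
            parts = line.split()
            out.append((parts[0], parts[1:]))
    return out


def audit(conf: str) -> List[str]:
    """Flag settings that disable TLS verification or undermine dynamic cert generation."""
    findings = []
    directives = parse(conf)
    names = {d for d, _ in directives}
    for d, args in directives:
        if d == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            findings.append("sslproxy_cert_error allow all: every upstream certificate error is accepted")
        if d == "sslproxy_flags" and "DONT_VERIFY_PEER" in args:
            findings.append("sslproxy_flags DONT_VERIFY_PEER: origin server certificates are never verified")
        if d == "cache_peer" and any(a.startswith("sslflags=") and "DONT_VERIFY_PEER" in a for a in args):
            findings.append(f"cache_peer {args[0]}: peer certificate is not verified")
        if d in ("http_port", "https_port") and "ssl-bump" in args:
            opts = dict(a.split("=", 1) for a in args if "=" in a)
            if opts.get("generate-host-certificates") == "on" and "sslcrtd_program" not in names:
                findings.append(f"{d} {args[0]}: generate-host-certificates=on but no sslcrtd_program")
            key = opts.get("key", opts.get("cert", ""))  # Squid falls back to cert= when key= is absent
            if key and not key.endswith((".key", ".pem")):
                findings.append(f"{d} {args[0]}: key={key} has an unusual extension for a PEM private key; confirm it holds the signing CA key")
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONF):
        print("-", f)
```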