Hey,
Only to this specific host or also all the subdomains etc..
It differs a bit..
A small look at this wiki:
http://wiki.squid-cache.org/Features/MimicSslServerCert
Will calrify some doubts and situations which you will might see some
problem.
Eliezer
On 10/17/2013 06:44 PM, Larry Zhao wrote:
> Hi, Guys,
>
>
> I am trying to setup a SSL proxy for one of my internal servers to
> visit `https://www.googleapis.com` using Squid, to make my Rails
> application on that server to reach `googleapis.com` via the proxy.
>
>
> I am new to this, so my approach is to setup a SSL transparent proxy
> with Squid. I build `Squid 3.3` on Ubuntu 12.04, generated a pair of
> ssl key and crt, and configure squid like this:
>
>
> http_port 443 transparent cert=/home/larry/ssl/server.csr
> key=/home/larry/ssl/server.key
>
>
> And leaves almost all other configurations default. The authorization
> of the dir that holds key/crt is `drwxrwxr-x 2 proxy proxy 4096
> Oct 17 15:45 ssl`
>
>
> Back on my dev laptop, I put `<proxy-server-ip> www.googleapis.com` in
> my `/etc/hosts` to make the call goes to my proxy server.
>
>
> But when I try it in my rails application, I got:
>
>
> SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A:
> unknown protocol
>
>
> And I also tried with openssl in cli:
>
>
> openssl s_client -state -nbio -connect www.googleapis.com:443 2>&1
> | grep "^SSL"
>
> SSL_connect:before/connect initialization
>
> SSL_connect:SSLv2/v3 write client hello A
>
> SSL_connect:error in SSLv2/v3 read server hello A
>
> SSL_connect:error in SSLv2/v3 read server hello A
>
>
>
> Where did I do wrong?
>
> --
>
> Cheers ~
>
> Larry
>
Received on Thu Oct 17 2013 - 18:48:39 MDT
This archive was generated by hypermail 2.2.0 : Fri Oct 18 2013 - 12:00:07 MDT