Re: [squid-users] SSL Reverse Proxying

From: Henrik Nordstrom <[email protected]>
Date: Thu, 20 Mar 2003 08:27:17 +0100

The key is the file below the ssl.key directory.

The certificate is the file below the ssl.crt directory.

Both should be specified in your httpd.conf file for Apache.

Regards
Henrik

G D McKee wrote:
>
> Hi
>
> I have the https server up and running.
>
> The /usr/local/etc/apache has the following ssl files in it - which ones do
> need map squid to?
>
> drwxr-xr-x 2 root wheel 512 Oct 13 16:50 ssl.crl
> drwxr-xr-x 2 root wheel 512 Nov 7 21:26 ssl.crt
> drwxr-xr-x 2 root wheel 512 Oct 13 16:50 ssl.csr
> drwx------ 2 root wheel 512 Oct 13 16:50 ssl.key
> drwxr-xr-x 2 root wheel 512 Oct 13 16:50 ssl.prm
>
> I have tried https_port 192.168.0.1:443 cert='....' keys='....' etc but
> squid just keeps on core dumping when fired up.
>
> Many thanks
>
> Gordon
>
> ----- Original Message -----
> From: "Henrik Nordstrom" <hno@squid-cache.org>
> To: <squid@gdmckee.com>
> Cc: <squid-users@squid-cache.org>
> Sent: Wednesday, March 19, 2003 5:44 PM
> Subject: Re: [squid-users] SSL Reverse Proxying
>
> > See the guides for Apache mod_ssl or any other OpenSSL based server.
> >
> > Note: If you have a certificate then you MUST use the key the
> > certificate is generated for. A certificate is only valid when paired
> > with the correct private key from which the certificate request was
> > generated.
> >
> > Squid wants the certificate and key in unencrypted PEM format (encrypted
> > format is also OK, but then Squid must be started with the -N option to
> > allow entering the key encryption password).
> >
> > Regards
> > Henrik
> >
> >
> > ons 2003-03-19 klockan 16.38 skrev squid@gdmckee.com:
> > > Hi
> > >
> > > I have got the regular reverse proxy working but can't get a certificate
> > > working for the ssl part of it. Does anyone have an openssl command
> that will
> > > generate me a key to point squid to.
> > >
> > > Thanks in advance
> > >
> > > Gordon
> > >
> > >
> > >
> > > -------------------------------------------------
> > > This mail sent through IMP: http://horde.org/imp/
> > --
> > Henrik Nordstrom <hno@squid-cache.org>
> > MARA Systems AB, Sweden
> >
> >
Received on Thu Mar 20 2003 - 01:03:15 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:10 MST