RE: [squid-users] Verisign cert problem

From: Schaefer, Charles <[email protected]>
Date: Thu, 8 Jan 2004 15:38:41 -0500

How can I tell where to put this file, or which ca-bundle.crt file to chain
this to? I did a find on my system, and there are two files. one in
/usr/share/apps/kssl, and the other in /usr/share/ssl/certs.

squid_GATEWAY_ssl-2.5.patch has been applied before compile.

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Thursday, January 08, 2004 3:01 PM
To: Schaefer, Charles
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Verisign cert problem

On Thu, 8 Jan 2004, Schaefer, Charles wrote:

> How can I tell where I need to put the new intermediate.crt file I just
got
> from Verisign? They signed my cert on 12/29/03 with their cert that
expired
> on 1/7/04! Now I have to jump through a hoop to fix it.

If you are running Squid as an SSL accelerator server then you need to
chain the intermediary certificate to your certificate. This is done by
placing them both in the same certificate file.

However, if using Squid-2.5 then you also need the SSL update patch
available from http://devel.squid-cache.org/ or modify the source to use
SSL_CTX_use_certificate_chain_file(sslContext, certfile) instead of
SSL_CTX_use_certificate_file(sslContext, certfile, SSL_FILETYPE_PEM)

Regards
Henrik
Received on Thu Jan 08 2004 - 13:39:40 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:05 MST