[squid-users] Squid with https port and certificate

From: Digmayer, Markus <[email protected]>
Date: Fri, 16 Dec 2005 10:30:54 +0100

Hi Squid users,

I have a problem and i hope someone knows the answer.

- I use squid 2.5 Stable 5 on a Redhat Linux Enterprise 4 Server.
- I configured it as reverse proxy with bind 9 DNS Service on the same
system.
- This proxy "sits" in a our DMZ and is accessible from outside via port
80 and 443.
- We have several webservers which we want to protect over this reverse
proxy ( they have private IP Adresses ).
- I configured the https port with SSL certificat and ssl key.

So, what i want is:
1) squid redirects every http request to https
2) squid administers our certification ans does the key exchange with
the webbrowsers like an apache webserver does.
3) squid communicates with our internal webservers via http only.

Point 1 and 3 works, but when i connect via webbrowser from internet i
get the browserpopup which informs me:

"the security certificate was issude by a company you have not choosen
to trust"

When i open a ssh connection direct to the webserver the browser takes
the certificate without error.

The difference is that in the apache configuration is a definition of
"CertificateChainFile".

Is it possible to define a cafile in squid 2.5 ( like in 3.x )? Or do
you know another way to redirect to https port and using our certificate
without errors?

Thank you,

Markus
Received on Fri Dec 16 2005 - 02:33:23 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 31 2005 - 12:00:02 MST