[squid-users] Re: Can't get SSL proxy to work with MS Exchange OWA

From: Bert Moorthaemer <[email protected]>
Date: Wed, 8 Nov 2006 17:29:18 +0100

Anybody?

TIA

Bert.

"Bert Moorthaemer" <bert.moorthaemer@blumex.com> wrote in message
news:eisifi$rah$1@sea.gmane.org...
> Hi
>
> I already found out why this didn't work ... but I have another problem. I
> have setup the SSL connection to use client certiticate authorisation like
> this:
>
> https_port webmail:443 \
> defaultsite=webmail.foo.com vhost \
> cert=/usr/local/etc/squid/certs/webmail.foo.com.pem \
> clientca=/etc/CA/keys/ca.pem \
> cafile=/etc/CA/keys/ca.pem \
> crlfile=/etc/CA/keys/crl.pem \
> capath=/usr/local/etc/squid/certs
>
> I get this working up to the point that the servers asks the client for a
> certificate then I get the error: SSL unknown certificate error 12
>
> Probably this has something to do with the fact that I don't really
> understand how I have to set the config ...
> For what I understand:
> 1. clientca: has to point to the CA authority's certificate
> 2. cafile: absolutely not clear what goes inhere
> 3. capath: absolutely not clear what goes inhere (do I need it??)
>
> TIA
>
> Bert.
>
>
>
> "Bert Moorthaemer" <bert.moorthaemer@blumex.com> wrote in message
> news:eisb0p$12g$1@sea.gmane.org...
>> Hi all!
>>
>> I have the following config for Squid2.6STABLE4:
>>
>> https_port webmail:443
>> cert=/usr/local/etc/squid/certs/webmail.foo.com.pem
>> defaultsite=webmail.foo.com protocol=http vhost
>>
>> cache_peer x.x.x.x parent 80 0 no-query originserver front-end-https
>> proxy-only
>> cache_peer_domain x.x.x.x webmail.foo.com
>>
>> acl Websites type accelerated
>> acl Website_domains dstdomain webmail.foo.com
>>
>> http_access allow Websites Website_domains
>> http_access deny Websites
>>
>> The problem is that is can't authenticate with my Exchange Server. When I
>> get the login dialog from my Exchange Server and enter the *right*
>> credentials I get an access denied after 3 tries. Do I have a config
>> problem here???
>>
>> Next to this I also get a certificate error in my browser claiming that
>> the cerfiticate could not be verified properly. I have a valid VeriSign
>> signed certificate for this website .... can this be a problem of IE 7??
>>
>> TIA
>>
>> Bert.
>>
>>
>>
>
>
>
>
Received on Wed Nov 08 2006 - 09:30:35 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST