[squid-users] squid acceleration certificates

From: Paolo Biancolli <[email protected]>
Date: Sat, 11 Nov 2006 10:50:47 +0200

Hi all,

I have successfully configured squid 2.6 stable 4 in acceleration mode.
A portion of the config is as follows:

https_port 443 vhost vport version=1 cert=/path/cert.pem
key=/path/key.pem
sslproxy_flags DONT_VERIFY_PEER
cache_peer dst.domain parent 443 0 proxy-only originserver
forceddomain=dst.domain ssl sslcert=/path/dst-domain.pem sslversion=1
sslflags=DONT_VERIFY_PEER

The problem is that when I try access the accelerated site the browser
tells me that I have attempted to connect to dst.domain but the
certificate presented belongs to reverse.proxy.domain. How do I get
around the mismatch of the certificates so that the browser presents the
originally requested domain and not the cert of the reverse proxy.

Many thanks
Paolo Biancolli

<html><body><font face = "verdana" size = "0.8" color = "navy">This communication is intended for the addressee only. It is confidential. If you have received this communication in error, please notify us immediately and destroy the original message. You may not copy or disseminate this communication without the permission of the University. Only authorized signatories are competent to enter into agreements on behalf of the University and recipients are thus advised that the content of this message may not be legally binding on the University and may contain the personal views and opinions of the author, which are not necessarily the views and opinions of The University of the Witwatersrand, Johannesburg. All agreements between the University and outsiders are subject to South African Law unless the University agrees in writing to the contrary.</font></body></html>
Received on Sat Nov 11 2006 - 01:50:58 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST