[squid-users] R: [squid-users] R: [squid-users] Reverse proxy on Mail Server: mini-howtoo

From: Reale Marco <[email protected]>
Date: Wed, 3 Jan 2007 10:58:50 +0100

Happy New Year Henrik!

I apologize if I didn't reply to you but I'm just come-back from
holidays.....
Reading your last reply now it is a little clear to me but before
starting the adventure I would like to reassume the needed steps...and
this could be already a mini-howtoo :)))

1) Squid configuration (from previous reply):

http_port 80 defaultsite=the.public.hostname cache_peer ip.of.owa 80 0
no-query originserver

extension_methods RPC_IN_DATA RPC_OUT_DATA

should do it.

the.public.hostname is the hostname clients request from the Internet.

2) SSl Certificate generation

The simplest method for creating a self-signed certificate for OpenSSL
is to run

  openssl req -new -x509 -out selfsigned.pem -keyout key.pem -nodes
-days 365

and answer the simple questions asked by OpenSSL.

If you want to be able to request a real certificate from a CA then use
the following instead

  openssl req -new -out request.pem -keyout key.pem -nodes

  openssl req -x509 -in request.pem -out selfsigned.pem -key key.pem

then send request.pem to the CA of your choice requesting a "real"
certificate, and use selfsigned.pem until the CA process is completed..

3) Squid certificate handle
I suppose I also need:
- to copy the certificate under etc
mv key.* /usr/local/squid/etc/
- to instruct Squid about certificate with a directive like this:
https_port 443 cert=/usr/local/squid/etc/key.crt \
key=/usr/local/squid/etc/key.key

This should be enought. Is it all correct?
Thanks

-----Messaggio originale-----
Da: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Inviato: sabato 23 dicembre 2006 12.55
A: Reale Marco
Cc: Squid Users
Oggetto: RE: [squid-users] R: [squid-users] Reverse proxy on Mail Server

tor 2006-12-21 klockan 19:04 +0100 skrev Reale Marco:

> Now I have isa server 2006 in which I imported a certificate (not
> verified but self-generated by IIS); ISA "speak" with Exchange 2003 in

> a secure network providing rpc over http authentication
>
> internet---->(https)----->isa with certificate(http)----->exchange
> 2003
>
> Really my doubts are not strectly related to (only) squid
> configuration but to the certificate handling (in combination with
> squid)
>
> Thus I asked for an how-too that explain simply how to replicate a
> typical configuration like this (with certificate)

You need to either make a new certificate for Squid, or manage to export
it to PEM format from the ISA server if you want to keep the exact same
certificate. But since the ISA certificate is self-signed you can just
as well make a new certificate for Squid.

The simplest method for creating a self-signed certificate for OpenSSL
is to run

  openssl req -new -x509 -out selfsigned.pem -keyout key.pem -nodes
-days 365

and answer the simple questions asked by OpenSSL.

If you want to be able to request a real certificate from a CA then use
the following instead

  openssl req -new -out request.pem -keyout key.pem -nodes

  openssl req -x509 -in request.pem -out selfsigned.pem -key key.pem

then send request.pem to the CA of your choice requesting a "real"
certificate, and use selfsigned.pem until the CA process is completed..

Regards
Henrik
Received on Wed Jan 03 2007 - 02:59:00 MST

This archive was generated by hypermail pre-2.1.9 : Thu Feb 01 2007 - 12:00:00 MST