[squid-users] SSL gateway using chained certs?

From: Paul <paul@dont-contact.us>
Date: Tue, 16 Dec 2003 15:30:47 -0800 (PST)

Can squid (squid-2.5.STABLE1-2 running under RH9 Linux) be
configured to handle *chained* SSL certificates (e.g. from
FreeSSL.com) for SSL to HTTP gatewaying? Before I purchase
a chained cert (much cheaper than usual certs), I'd like to hear
from anyone who has direct experience.

With chained certs, you get the usual web certificate *plus* a second
certificate (e.g. chain.crt) to complete the chain of trust to a root CA.

The only real documentation I've found on using squid to gateway
SSL to http is in the squid.conf file appended below. Not *sure*
from the documentation if it's possible to fit a *chained* cert
into the https_port tag.

Thank you in advance for any help,

-- Paul

# TAG: https_port
#       Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
...
#       You may specify multiple socket addresses on multiple lines,
#       each with their own SSL certificate and/or options.
...
#       cert=      Path to SSL certificate (PEM format)
#
#       key=       Path to SSL private key file (PEM format)
#                  if not specified, the certificate file is
#                  assumed to be a combined certificate and
#                  key file
#
#       version=   The version of SSL/TLS supported
#                      1  automatic (default)
#                      2  SSLv2 only
#                      3  SSLv3 only
#                      4  TLSv1 only
#
#       cipher=    Colon separated list of supported ciphers
#
#       options=   Various SSL engine options. The most important
#                  being:
#                      NO_SSLv2  Disallow the use of SSLv2
#                      NO_SSLv3  Disallow the use of SSLv3
#                      NO_TLSv1  Disallow the use of TLSv1
#                  See src/ssl_support.c or OpenSSL documentation
#                  for a more complete list.
Received on Tue Dec 16 2003 - 16:30:52 MST
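
The chain of trust described in the message above (a web certificate plus chain.crt leading to a root CA), as an added example that is not part of the original post: it builds a throwaway root, intermediate and server certificate with the openssl CLI and checks the server certificate with and without the intermediate. All subjects and file names are constructed for the demo, and it makes no claim about how Squid's cert= option treats a chained file.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: throwaway root CA -> intermediate CA -> server cert.
# Every name and path here is made up for this example.

make_chain() {   # $1 = writable working directory
  d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' \
    > "$d/demo.cnf"
  # Root CA (self-signed): stands in for the root the client already trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/demo.cnf" \
    -extensions ca -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
  # Intermediate CA signed by the root: plays the role of chain.crt.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
    -subj "/CN=Demo Intermediate CA" \
    -keyout "$d/chain.key" -out "$d/chain.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/chain.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/demo.cnf" -extensions ca \
    -out "$d/chain.crt" 2>/dev/null || return 1
  # Server certificate signed by the intermediate, not by the root.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
    -subj "/CN=www.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/chain.crt" -CAkey "$d/chain.key" \
    -CAcreateserial -days 2 -out "$d/server.crt" 2>/dev/null || return 1
}

# Returns 0 only if server.crt chains to the root with no intermediate supplied.
verify_leaf_only() {
  openssl verify -CAfile "$1/root.crt" "$1/server.crt" >/dev/null 2>&1
}

# Same check, with chain.crt offered as an untrusted intermediate.
verify_with_chain() {
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/chain.crt" \
    "$1/server.crt" >/dev/null 2>&1
}

demo() {
  w=$(mktemp -d) || return 1
  make_chain "$w" || { rm -rf "$w"; return 1; }
  verify_leaf_only "$w" && echo "server.crt alone: verifies" \
    || echo "server.crt alone: fails, issuer not found"
  verify_with_chain "$w" && echo "server.crt + chain.crt: verifies" \
    || echo "server.crt + chain.crt: fails"
  rm -rf "$w"
}
demo
```

A client that only trusts the root cannot validate the server certificate unless the server also presents the intermediate, which is why the chain file has to be served along with the site certificate.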
