Re: [squid-users] ssl and certificate problem

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 24 Mar 2004 20:41:20 +0100 (CET)

On Wed, 24 Mar 2004, Emre CELEBI wrote:

> when squid tries to connect to internal web server i see (from ethereal)
> as Alert Level: Fatal, TLS: Unknown CA ssl packets and the connection
> fails. in squid logs i see Error negotiating SSL connection logs.
> This is obviusly related to CA certificate auth. and with certificates.

You need to give Squid a directory of acceptable CA certificates, or
disable certificate verificatin.

Exact details varies depending on which method you use for the ssl
connection (cache_peer, or direct). If cache_peer then see the cache_peer
options. If direct see the sslproxy_ directives.

> question: how do you (who use owa and iis servers certificate) export ur
> server certificates and import ur server certificates to squid and make
> squid ssl to server.And do u use clientca=/to/your/server_cert.crt? (is
> there any trick here?)

You should not, unless you want to move the official certificate from your
existing server to Squid for presenting to the users.

Regards
Henrik
Received on Wed Mar 24 2004 - 12:41:25 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST