Re: [squid-users] Re: SSL Client certificates

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Tue, 01 Jul 2008 12:26:19 +0200

On tis, 2008-07-01 at 09:20 +0200, Bert Moorthaemer wrote:
> Henrik,
>
> >> Second, the only way out to the internet is through another proxy (I
> >> think a Microsoft ISA server). How can I tell Squid (or OpenSSL) to
> >> use this proxy for outgoing CA and CRL verification requests.
>
> >Squid does not automatically fetch CRL lists. You have to set up this
> >manually, and install the CRLs in a directory found by openssl.
>
> >Hmm.. we really should add a config option to specify the directory.
>
> I thought that the "crlfile" options handled that ... At least that's how I
> configured my SSL reverse proxy

That takes a file.

OpenSSL also supports a directory with multiple CRLs, hashed by the
issuing CN, and dynamic updates.

Regards
Henrik

Received on Tue Jul 01 2008 - 10:26:23 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 02 2008 - 12:00:01 MDT