Re: [squid-users] squid as proxy for exchange with https/ssl?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 05 Mar 2011 21:38:34 +1300

On 04/03/11 23:51, info_at_sysbuddha.eu wrote:
> hi there.
>
> i have to set up a squid3 (built with enable-ssl) to accept requests from
> outlook for an exchange server and redirect them there. but i have a little
> trouble knowing which certificates i need all in all and which one of them
> to put where.
>
> when directly accessing the exchange server owa with a web browser, i open
> https://[fqdn of exchange server]/owa.
>
> output of /usr/sbin/squid -v and the beginning of the squid.conf are
> included below.
>
> any hint and help is deeply appreciated :)
>

http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess
covers what you need.

<snip>
>
> squid.conf excerpt:
>
> # which certificate do i have to put in the https_port line?
> https_port [private ip of squid]:443 cert=[certificate1].pem
> defaultsite=[fqdn of exchange server]

This is the public facing port for the whole system. Whichever
certificate you have for your OWA domain to connect visitors with goes there.

>
> #which certificate do i have to put in the cache_peer line?
> cache_peer [fqdn of exchange server] parent 443 0 no-query originserver
> login=PASS ssl sslcert=/[certificate2].pem name=[fqdn of exchange server]
> front-end-https

Completely optional. Could be self-signed or none at all. It is only
used between Squid and the OWA so as long as OWA accepts it things are
fine. The default with just "ssl" and no cert information is for Squid
to generate a random client certificate and connect using that.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.11
   Beta testers wanted for 3.2.0.5
Received on Sat Mar 05 2011 - 08:38:47 MST
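
Added example, not part of the original thread or of Squid's own documentation: a pre-flight check for the PEM file named in the https_port line. It confirms that the certificate covers the host name visitors use and, because the posted line gives cert= without key=, that the same file also holds the matching private key. The host name owa.example.test, the file names and the function names are constructed for illustration; the openssl command line tool (1.1.1 or later) is assumed.

```shell
#!/bin/sh
# Added example: pre-flight check for the PEM named in https_port cert=...
# Host name and file names are constructed placeholders, not from the thread.

# Build a throwaway self-signed cert and key for the demo (constructed data).
make_sample() {  # $1 = output dir, $2 = host name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    cat "$1/cert.pem" "$1/key.pem" > "$1/combined.pem"
}

# Return 0 only if the certificate covers the host name clients connect to.
cert_covers_host() {  # $1 = PEM file, $2 = public host name
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Return 0 only if the PEM also holds the private key for its certificate.
pem_has_matching_key() {  # $1 = PEM file
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Both conditions together: usable as a combined cert= file on https_port.
front_cert_ok() {  # $1 = PEM file, $2 = public host name
    cert_covers_host "$1" "$2" && pem_has_matching_key "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d" owa.example.test || { rm -rf "$d"; return 1; }
    for f in combined.pem cert.pem; do
        if front_cert_ok "$d/$f" owa.example.test; then echo "$f: usable"
        else echo "$f: not usable as-is (wrong name or no private key)"; fi
    done
    rm -rf "$d"
}
demo
```

A certificate-only file fails the second check; it needs either the key appended to it or a separate key= option on the https_port line.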
