[squid-users] using squid as reverse proxy to connect to exchange 2010 owa

From: Sidnei Moreira <sidneimoreira2_at_gmail.com>
Date: Thu, 7 Jul 2011 09:25:14 -0400

Hi,
I have searched the archive for a case like mine and could not find
any help, so I would like to post my actual issue.

I have an Exchange 2010 server, configured to respond with a
self-signed certificate to internal computers on our LAN.
I have a public certificate from a trusted CA, which does not include
my internal domain, and for a couple of reasons I can't add this local
internal domain to that public certificate.

So whenever an internal Outlook client tries to connect internally,
Exchange keeps saying that the certificates are not the same.
On the external side, I can't connect to the OWA site without the
'site is not trusted' message popping up in the browser.

I read about Squid's reverse proxy feature, which receives connections
from the outside world using a public trusted certificate and passes
them on to the Exchange server.
I guess this could solve my problem, as I would not need to add the
public certificate to the Exchange server, but only to the Squid
server.

From the wiki page I copied the following configuration into my
squid.conf file and adapted it. I am using Squid version 3.0.STABLE1.

########################## START OF REVERSE PROXY CONFIG
# SOURCE: http://wiki.squid-cache.org/ConfigExamples/Reverse/ExchangeRpc
##########
extension_methods RPC_IN_DATA RPC_OUT_DATA
https_port <my-squid-server-internal-ip>:443 cert=/var/crt/my-public-domain-trusted-certificate.p7s defaultsite=my-public-domain.com
cache_peer <my-exchange-server-internal-ip> parent 443 0 no-query originserver login=PASS ssl sslcert=/var/crt/my-self-signed-exchange-certificate.pfx name=exchangeServer

acl EXCH dstdomain .rpc_domain_name
cache_peer_access exchangeServer allow EXCH
cache_peer_access exchangeServer deny all
never_direct allow EXCH
http_access allow EXCH
http_access deny all
miss_access allow EXCH
miss_access deny all
########################## END OF REVERSE PROXY CONFIG

But I am getting this error when restarting Squid:

2011/07/07 08:39:18| parseConfigFile: 'squid.conf' line 90
unrecognized: 'https_port <my-squid-server-internal-ip>:443
cert=/var/crt/my-public-domain-trusted-certificate.p7s
defaultsite=my-public-domain.com'
2011/07/07 08:39:18| parse_peer: token='ssl'
FATAL: Bungled squid.conf line 91: cache_peer
<my-exchange-server-internal-ip> parent 443 0 no-query originserver
login=PASS ssl sslcert=/var/crt/my-self-signed-exchange-certificate.pfx
name=exchangeServer
Squid Cache (Version 3.0.STABLE1): Terminated abnormally.
CPU Usage: 0.010 seconds = 0.010 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 12

Does anyone have a hint where I should correct the config?

Thanks in advance
Sidnei
Received on Thu Jul 07 2011 - 13:25:21 MDT
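An added diagnostic script (not from the original post or the Squid project) that checks the two things this error log points at: whether the squid binary was built with SSL support, without which the https_port directive and the cache_peer ssl option are not recognized by the config parser, and whether the cert= / sslcert= files are PEM, the only format Squid reads for these options (.p7s and .pfx are DER-encoded PKCS#7 / PKCS#12). The config lines and paths are taken from the post; the file contents, the 'squid -v' output and the function names are constructed assumptions.

```python
import re

# Options whose value Squid reads as a PEM file (https_port and cache_peer).
CERT_OPTS = {"cert", "key", "sslcert", "sslkey", "cafile", "sslcafile"}

def cert_format(data: bytes) -> str:
    """'pem' on an armor header; 'der' when it starts with an ASN.1 SEQUENCE (0x30), as .pfx/.p7s do."""
    if b"-----BEGIN " in data:
        return "pem"
    return "der" if data[:1] == b"\x30" else "unknown"

def has_ssl_support(squid_v_output: str) -> bool:
    """True if 'squid -v' shows --enable-ssl (3.0/3.1) or --with-openssl (3.2 and later)."""
    return re.search(r"--(enable-ssl|with-openssl)\b", squid_v_output) is not None

def check_conf(conf_text: str, read_file, squid_v_output: str) -> list:
    """Return (line number, message) findings; read_file(path) -> bytes is injected so it runs offline."""
    findings, ssl_ok = [], has_ssl_support(squid_v_output)
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directive, *args = line.split()
        if directive not in ("https_port", "cache_peer"):
            continue
        if not ssl_ok and (directive == "https_port" or "ssl" in args):
            findings.append((lineno, f"{directive}: Squid was built without SSL support"))
        for arg in args:
            key, _, path = arg.partition("=")
            if key in CERT_OPTS and path and cert_format(read_file(path)) != "pem":
                findings.append((lineno, f"{key}={path} is not PEM; Squid expects PEM"))
    return findings

# Constructed sample: the post's two directives, each on a single line as Squid requires.
SAMPLE_CONF = """\
https_port <my-squid-server-internal-ip>:443 cert=/var/crt/my-public-domain-trusted-certificate.p7s defaultsite=my-public-domain.com
cache_peer <my-exchange-server-internal-ip> parent 443 0 no-query originserver login=PASS ssl sslcert=/var/crt/my-self-signed-exchange-certificate.pfx name=exchangeServer
"""
# Constructed file contents standing in for a real .p7s and .pfx (DER, not PEM).
SAMPLE_FILES = {
    "/var/crt/my-public-domain-trusted-certificate.p7s": b"\x30\x82\x05\x00" + b"\x00" * 8,
    "/var/crt/my-self-signed-exchange-certificate.pfx": b"\x30\x82\x03\x10" + b"\x00" * 8,
}
# Constructed 'squid -v' output for a 3.0 build configured without --enable-ssl.
SAMPLE_SQUID_V = "Squid Cache: Version 3.0.STABLE1\nconfigure options: '--prefix=/usr'"

def run_sample() -> list:
    return check_conf(SAMPLE_CONF, SAMPLE_FILES.__getitem__, SAMPLE_SQUID_V)
```

Against the constructed sample it reports four findings: both directives need an SSL-enabled build, and both certificate files are DER rather than PEM.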

This archive was generated by hypermail 2.2.0 : Fri Jul 08 2011 - 12:00:02 MDT