Did you really point the Cert to the CSR (CertReq file), or is that a typo?
--bill
> On Oct 17, 2013, at 8:45 AM, Larry Zhao <thehiddendepth_at_gmail.com> wrote:
>
> Hi, Guys,
>
>
> I am trying to setup a SSL proxy for one of my internal servers to
> visit `https://www.googleapis.com` using Squid, to make my Rails
> application on that server to reach `googleapis.com` via the proxy.
>
>
> I am new to this, so my approach is to setup a SSL transparent proxy
> with Squid. I build `Squid 3.3` on Ubuntu 12.04, generated a pair of
> ssl key and crt, and configure squid like this:
>
>
> http_port 443 transparent cert=/home/larry/ssl/server.csr
> key=/home/larry/ssl/server.key
>
>
> And leaves almost all other configurations default. The authorization
> of the dir that holds key/crt is `drwxrwxr-x 2 proxy proxy 4096
> Oct 17 15:45 ssl`
>
>
> Back on my dev laptop, I put `<proxy-server-ip> www.googleapis.com` in
> my `/etc/hosts` to make the call goes to my proxy server.
>
>
> But when I try it in my rails application, I got:
>
>
> SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A:
> unknown protocol
>
>
> And I also tried with openssl in cli:
>
>
> openssl s_client -state -nbio -connect www.googleapis.com:443 2>&1
> | grep "^SSL"
>
> SSL_connect:before/connect initialization
>
> SSL_connect:SSLv2/v3 write client hello A
>
> SSL_connect:error in SSLv2/v3 read server hello A
>
> SSL_connect:error in SSLv2/v3 read server hello A
>
>
>
> Where did I do wrong?
>
> --
>
> Cheers ~
>
> Larry
Received on Thu Oct 17 2013 - 16:00:32 MDT
This archive was generated by hypermail 2.2.0 : Thu Oct 17 2013 - 12:00:06 MDT