Re: [squid-users] squid 3.1: How to setup a Squid SSL reverse proxy for a parent SSL Squid proxy?

2009-08-11 Thread chrischni



Henrik Nordstrom-5 wrote:
> 
> tis 2009-08-11 klockan 02:38 -0700 skrev chrischni:
>> this is our cache_peer config:
>> 
>> cache_peer 10.xxx.xxx.xxx parent 443 0 ssl no-query originserver
>> login=PASS
>> front-end-https=on sslkey=//usr/newrprgate/CertAuth/sslkey.key
>> sslcert=//usr/newrprgate/CertAuth/sslcert.cert name=*.*.com
> 
> Probably it's not recognising the issuing CA. The sslkey & sslcert
> options to cache_peer is for using a client side certificate for
> authenticating to the webserver (if requested by the webserver) and is
> not used for verifying the authenticity of the webserver.
> 
> Regards
> Henrik
> 
> 
> 

Am I getting this wrong, or does that mean that we don't need to specify a
sslcert in the cache_peer line?

Should it connect to the SharePoint with SSL when I just use that?

 cache_peer 10.xxx.xxx.xxx parent 443 0 ssl no-query originserver login=PASS front-end-https=on name=*.*.com
-- 
View this message in context: 
http://www.nabble.com/squid-3.1%3A-How-to-setup-a-Squid-SSL-reverse-proxy-for-a-parent-SSL--Squid-proxy--tp24911339p24920234.html
Sent from the Squid - Users mailing list archive at Nabble.com.
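
The distinction Henrik draws above, shown as a squid.conf fragment. This is an added example, not part of the original thread: the CA bundle path, the `ssldomain` value and the peer name `sharepoint` are assumptions, and the peer address is the placeholder used in the thread.

```conf
# Added example. Each cache_peer directive must stay on ONE line in squid.conf.

# (a) Client-certificate options only. sslcert/sslkey identify Squid TO the
#     peer, and only if the peer requests a client certificate. They do not
#     tell Squid which CA to trust when it checks the peer's certificate.
# cache_peer 10.xxx.xxx.xxx parent 443 0 ssl no-query originserver login=PASS front-end-https=on sslcert=/path/to/client.cert sslkey=/path/to/client.key name=sharepoint

# (b) Server verification. sslcafile points at the PEM file holding the CA
#     that issued the peer's certificate (assumed path). Because the peer is
#     addressed by IP, ssldomain gives the host name the certificate is
#     expected to carry (assumed name).
cache_peer 10.xxx.xxx.xxx parent 443 0 ssl no-query originserver login=PASS front-end-https=on sslcafile=/etc/squid/certs/internal-ca.pem ssldomain=sharepoint.example.com name=sharepoint

# (c) If the peer also demands a client certificate, add sslcert=/sslkey= to
#     line (b); the two sets of options are independent of each other.

# Not recommended: sslflags=DONT_VERIFY_PEER hides the error by switching off
# verification of the peer certificate, so the proxy would accept any server
# answering on 10.xxx.xxx.xxx:443.

# Route requests to the peer by its name= value (assumed site name).
acl sharepoint_site dstdomain sharepoint.example.com
cache_peer_access sharepoint allow sharepoint_site
http_access allow sharepoint_site
http_access deny all
```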



Re: [squid-users] squid 3.1: How to setup a Squid SSL reverse proxy for a parent SSL Squid proxy?

2009-08-11 Thread chrischni



fulanpeng wrote:
> 
> Hi,
> 
> I have a Squid reverse proxy running with SSL support.  People can
> access it with https://domainA.com. No problem.
> Now I want to set up another Squid proxy server to proxy it  with SSL
> support.
> That means https://domainA --> https://domainB.
> 
> My configuration file is similar like this for the parent.
> Please help to set up the child squid to proxy this parent.
> 
> https_port 443 cert=/usr/newrprgate/CertAuth/testcert.cert
> key=/usr/newrprgate/CertAuth/testkey.pem
> defaultsite=mywebsite.mydomain.com vhost
> 
> cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS
> name=websiteA
> 
> acl sites_server_1 dstdomain websiteA.mydomain.com
> cache_peer_access websiteA allow sites_server_1
> http_access allow sites_server_1
> 
> http_access deny all
> 
> 

I have a similar problem.

We are trying to establish an SSL connection between our reverse proxy and our
SharePoint server.

Over the internet we connect with HTTPS to the reverse proxy, and it should
forward the user via SSL to the SharePoint.

I have the following entry in my Squid logfiles:

2009/08/11 11:18:51| fwdNegotiateSSL: Error negotiating SSL connection on FD 13: error::lib(0):func(0):reason(0) (5/0/0)
2009/08/11 11:18:51| TCP connection to 10.xxx.xxx.xxx/443 failed

Does anyone know why this might happen?

This is our cache_peer config:

cache_peer 10.xxx.xxx.xxx parent 443 0 ssl no-query originserver login=PASS front-end-https=on sslkey=//usr/newrprgate/CertAuth/sslkey.key sslcert=//usr/newrprgate/CertAuth/sslcert.cert name=*.*.com

Thanks in advance


-- 
View this message in context: 
http://www.nabble.com/squid-3.1%3A-How-to-setup-a-Squid-SSL-reverse-proxy-for-a-parent-SSL--Squid-proxy--tp24911339p24914505.html