[squid-users] Squid 3 as reverse-proxy with SSL
Hi List, I want to use Squid as a reverse proxy with ssl support, so i setup a config like this: https_port 192.168.9.109:443 cert=/etc/squid/ssl/domain.tld.crt key=/etc/squid/ssl/domain.tld.key vhost http_port 192.168.9.109:80 vhost cache_peer 192.168.222.109 parent 80 0 proxy-only no-query originserver no-digest front-end-https=on sslcert=/domain.tld.crt sslkey=/etc/squid/ssl/domain.tld.key name=109_http acl testdomain dstdomain naturmed.online.biering.de acl testdomain_ADR dst 192.168.222.109 acl testdomain_PORT port 80 443 cache_peer_access 109_http allow testdomain http_access allow testdomain_ADR testdomain_PORT but.. if i restart squid i become this msg: Failed to acquire SSL certificate '/etc/squid/ssl/domain.tld.crt': error:20074002:BIO routines:FILE_CTRL:system lib the cert's are from a ISP who says that's a modssl (apache) cert, so... is the reason for this the wrong cert-type? the system is Gentoo
Re: [squid-users] Squid 3 as reverse-proxy with SSL
Maik Fuss wrote: Hi List, I want to use Squid as a reverse proxy with ssl support, so i setup a config like this: https_port 192.168.9.109:443 cert=/etc/squid/ssl/domain.tld.crt key=/etc/squid/ssl/domain.tld.key vhost http_port 192.168.9.109:80 vhost cache_peer 192.168.222.109 parent 80 0 proxy-only no-query originserver no-digest front-end-https=on sslcert=/domain.tld.crt sslkey=/etc/squid/ssl/domain.tld.key name=109_http Most peers use port 443 for HTTPS. Are you sure its running on port 80 that way? acl testdomain dstdomain naturmed.online.biering.de acl testdomain_ADR dst 192.168.222.109 acl testdomain_PORT port 80 443 cache_peer_access 109_http allow testdomain http_access allow testdomain_ADR testdomain_PORT but.. if i restart squid i become this msg: Failed to acquire SSL certificate '/etc/squid/ssl/domain.tld.crt': error:20074002:BIO routines:FILE_CTRL:system lib the cert's are from a ISP who says that's a modssl (apache) cert, so... is the reason for this the wrong cert-type? I don't know, sorry, lets hope someone else does. the system is Gentoo Amos -- Please use Squid 2.7.STABLE1 or 3.0.STABLE6
Re: [squid-users] Squid 3 as reverse-proxy with SSL
On tis, 2008-06-10 at 22:14 +0200, Maik Fuss wrote: > the cert's are from a ISP who says that's a modssl (apache) cert, so... > is the reason for this the wrong cert-type? What do the first line of the cert look like? Do the user Squid is running as have permission to read the cert? Which Squid version? Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] Squid 3 as reverse-proxy with SSL [solved]
hi guys, the problem is solved! it was a "https_port ..." in another configfile without the cert/key param! so.. if you use https_port and dont set a cert param all other certs dont work... thx 4 help :) Henrik Nordstrom schrieb: On tis, 2008-06-10 at 22:14 +0200, Maik Fuss wrote: the cert's are from a ISP who says that's a modssl (apache) cert, so... is the reason for this the wrong cert-type? What do the first line of the cert look like? Do the user Squid is running as have permission to read the cert? Which Squid version? Regards Henrik