i've asked to be removed countless times. here's another message that i didn't want. it's really not that hard to remove somebody is it...
This is a forwarded message From: Derek Winkler <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Date: Tuesday, January 27, 2004, 3:26:19 PM Subject: [squid-users] HTTPS questions ===8<==============Original message text=============== I posted this earlier... I was doing something similar. Browser --SSL-> Squid --SSL--> OWA I ran into a bug with the RSA SecurID pages but other than that it worked. Might need to tighten up the ACLs. Here's my config... visible_hostname squidhost.algorithmics.com cache_mgr [EMAIL PROTECTED] https_port 443 cert=/opt/squid/etc/owahost.algorithmics.com.crt key=/opt/squid/etc/owahost.algorithmics.com.key cafile=/opt/squid/etc/cacert.crt defaultsite=owa.algorithmics.com cache_peer owahost.algorithmics.com parent 443 0 no-query ssl proxy-only originserver login=PASS sslcert=/opt/squid/etc/owahost.algorithmics.com.crt sslkey=/opt/squid/etc/owahost.algorithmics.com.key sslflags=DONT_VERIFY_PEER ssl_unclean_shutdown on acl owa-exchange urlpath_regex \/exchange(\/|$) acl owa-webid urlpath_regex \/WebID\/ acl all src 0.0.0.0/0.0.0.0 acl all-dst dst 0.0.0.0/0.0.0.0 acl owa-host dst owaipaddress/255.255.255.255 http_access allow owa-host owa-exchange http_access allow owa-host owa-webid http_reply_access allow all-dst http_access deny all http_access deny all-dst You need to use the latest version of Squid to do this, unstable version 3, patch uneeded. The squid.conf.default describes all of the https_port options but doesn't give in depth details of what they do. Verisign gives specific intructions on how to generate a request using openssl, follow instructions for Apache w/ Openssl or Apache w/ mod_ssl. -----Original Message----- From: Loc Nguyen [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 27, 2004 3:23 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [squid-users] HTTPS questions Hi everyone, I have few questions, I hope that you can help: I want to setup a HTTPS accelerator using squid. The environment is: Client -> HTTPS -> Squid accelerator -> HTTPS webserver I am using squid version 2.5. I configure the squid with the Openssl certificate. The squid accelerator fails. It seems to me that squid accelerator use HTTP to connect to the webserver instead of HTTPS. My questions are: 1) Does anyone setup this type of HTTPS accelerator ? I search on Goole and there is a document mentioning that I need to download a patch to support this HTTPS accelerator but I can't find this patch at squid-cache.org download site. Can you point me to where I can download this patch ? 2) Any one has a complete list of https_port option ? I can't find any document explaining how to setup https_port. 3) Did anyone setup squid as the HTTPS accelerator for HTTPS Outlook Web Access? Please point me to any document shows how to configure the squid.conf to support HTTPS OWA. 4) At this time, I use openssl to generate certiciate for the HTTPS website. I would like to use the commercial certificate (ie. Verisign, etc..) so my customer doesn't have to call me about the "can not verify" certificate windows problem. I know how to generate key-pair and submit a certificate request with Verisign. I just need to know what format do I need to request from Verisign for the certificate so the certificate will work with Squid. I am appreciate any advices and comments about this. Thanks in advance. Loc Nguyen __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ ===8<===========End of original message text=========== -- Best regards, mortbox mailto:[EMAIL PROTECTED]