Hi
thanks for your answer. unfortunately it took me some time to try out.
maybe i understood something wrong but I'm trying to do the following
setup with squid 2.6.STABLE7 and couldn't find anything related to my
errors and problems:
wished setup:
client --ssl (cacert signed)--> squid (reverse) --ssl (selfsigned)--> apache
When using self-signed certificates you need to either add the
certificate as a ca for the cache_peer, or tell Squid to not verify the
certificate of the peer at all.
this i thought so however it wasn't clear for me that a host accessed
over a reverse proxy is also a peer.
well for me it is clear that squid cannot verify the cert as it is
self signed. however i'd like to tell squid that it should accept this
cert, not try to verify it or whatever to be possible to use it. But I
couldn't find such an option for the https_port option.
It's the cache_peer option you need to look at..
with the following line
cache_peer $ip parent 443 0 ssl no-query originserver
sslflags=DONT_VERIFY_PEER
and
sslproxy_flags DONT_VERIFY_PEER
(hint from here:
http://www1.uk.squid-cache.org/mail-archive/squid-users/200611/0038.html
)
it is now working like i wanted it. :)
thanks! and greetings pete
