Hi.
I'm using Squid Version 2.5.STABLE6 in this configuration:
Internet ->HTTPS-> squid ->HTTP-> Intranet
It works *perfectly* with a self-signed certificate.
However, if I sign a certificate with my own CA certificate, created using
the -newca option to CA.pl, it doesn't work, and I get the following
error:
FATAL: Bungled squid.conf
The error goes away when I switch back to my self-signed certificate -
only a certificate signed by my own CA certificate does not work.
To try and find out why, I set up a secure website using Apache's httpd. I
added the SSLCACertificateFile directive, and it worked perfectly. I just
had to accept the certificate.
I tried various options to get squid to accept the CA, some of them
probably made up:
sslflags=DONT_VERIFY_PEER
cafile=/path/to/cert
ca=/path/to/cert
Thinking squid couldn't take an argument to a different CA file, I
appended my CA cert to the ca-bundle.crt file, making sure the format was
exactly the same as the other certs in the file, i.e. an x509 part then
the cert.
squid -k parse still complained.
What do I need to do to get this working?
(I'm not able to patch squid because of automatic updates.)
I'm running FC3.
Thanks a lot.
Received on Thu Dec 02 2004 - 07:52:04 MST