Re: [squid-users] config chain SSL Cert files]]

From: Sam Lin <salin@dont-contact.us>
Date: Thu, 15 Sep 2005 17:54:38 +0800

hello,

thank you very much
i'm almost fix the problem
very happy.

Henrik Nordstrom 提到:

> On Wed, 14 Sep 2005, Sam Lin wrote:
>
>>
>> Hello,
>> in the cache.log i don't see any error message.
>> and i find a post with the same problem
>> http://openacs.org/forums/message-view?message_id=109568
>> please read No.26
>> i'm trying to put my CAcert into /usr/src/crypto/openssl/apps/cert.pem
>> and restart my squid
>> https still have the same alert message
>
>
> Squid-2.5 does not support certificate chains.
>
> Certificate chains is supported by Squid-3 or the SSL update patch to
> Squid-2.5 available from devel.squid-cache.org. You then enable the
> use of chained certificates by appending the CA certificate to your
> server certificate, both in the same file with the server certificate
> first and followed by the CA certificate chain.
>
> You should NOT use any ca related https_port options. The ca related
> options to https_port is for client certificate support when using SSL
> certificate based authentication, not for specifying server
> certificate chains.
>
> Regards
> Henrik
>
>
Received on Thu Sep 15 2005 - 03:54:59 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:03 MDT