Re: [squid-users] squid acceleration certificates

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Sun, 12 Nov 2006 12:36:28 +0100

lör 2006-11-11 klockan 10:50 +0200 skrev Paolo Biancolli:

> The problem is that when I try access the accelerated site the browser
> tells me that I have attempted to connect to dst.domain but the
> certificate presented belongs to reverse.proxy.domain. How do I get
> around the mismatch of the certificates so that the browser presents the
> originally requested domain and not the cert of the reverse proxy.

You can't without making/installing a new certificate. The certificate
installed on the proxy must match the site you are reverse proxying. The
site name is what the CA is signing, validating that you are the owner
of that site.

In reverse proxy mode the reverse proxy IS the web server as far as
everyone else is concerned. How it accesses the requested information is
internal business.

Regards
Henrik

Received on Sun Nov 12 2006 - 04:37:08 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST