So far everything works great on http, working on https now. Even SSH and SNMP are working well.
I've exported my cert from my IIS server and it's a .pfx file format. I renamed the file to .pem but was sure if that would work. When I launt squid with -N I get the following:
Failed to acquire SSL certificate 'usr/local/squid/var/cert.pem' " error: 0906D06C: PEM routines: PEM_read_bio : no start line.
I appeal to the Gods of Squid givth me the guidance. This is all I need to be done.
-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Monday, May 07, 2007 3:40 PM
To: Jason Hitt
Cc: Squid Users
Subject: RE: [squid-users] FW: failure notice
mån 2007-05-07 klockan 15:20 -0500 skrev Jason Hitt:
> The viconnect FAQ still references the old http_accel lines.
> http://viconnect.visolve.com/vic7/modules/knowledgebase/faqsearch.php?
> productid=22&contentid=78&nodeid=squidn08&visid . The squid-cache FAQ
> doesn't but doesn't make an sense to me
> http://wiki.squid-cache.org/SquidFaq/ReverseProxy
>
> All I want to do is have a very basic vanilla https server reverse
> proxied with Squid. I'll get the .pem cert but I can't even get squid
> to start up as it is. Any help would be GREATLY appreciated.
You'll need to give a cert (and key) to https_port. And if the origin server is also https then use the ssl option on cache_peer.
Configuration is the same as for http, but with the changes above to use https instead of http.. so it's just
https_port 443 cert=/path/to/cert.pem key=/path/to/cert_key.pem accel defaultsite=the.official.name
cache_peer ip.of.webserver parent 443 0 no-query originserver ssl
The certificate key needs to be stored unencrypted, or you will need to start Squid in foreground mode (-N option) to be able to enter the key encryption password.
Regards
Henrik
Received on Fri May 11 2007 - 12:48:53 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT