[squid-users] clients -- SSL SQUID -- NON SSL webserver

From: Guido Marino Lorenzutti <glorenzutti_at_jusbaires.gov.ar>
Date: Tue, 23 Mar 2010 00:47:05 -0300

Hi people: Im trying to give my clients access to my non ssl
webservers thru my reverse proxies adding ssl support on them.

Like the subject tries to explain:

WAN CLIENTS --- SSL SQUID (443) --- NON SSL webserver (80).

This is the relevant part of the squid.conf:

https_port 22.22.22.22:443 cert=/etc/squid/crazycert.domain.com.crt
key=/etc/squid/crazycert.domain.com.key
defaultsite=crazycert.domain.com vhost
sslflags=VERIFY_CRL_ALL,VERIFY_CRL cafile=/etc/squid/ca.crt
clientca=/etc/squid/ca.crt

cache_peer crazycert.domain.com parent 80 0 no-query proxy-only
originserver login=PASS

Im using a self signed certificate and the squid should not allow the
connection if the client does not have a valid key.

When I try to connect I get this error:

2010/03/23 00:39:47| SSL unknown certificate error 3 in
/C=AR/ST=Buenos Aires/L=Ciudad Aut\xF3noma de Buenos Aires/O=Consejo
de la Magistratura de la C.A.B.A./OU=Direcci\xF3n de Inform\xE1tica y
Tecnolog\xEDa/CN=Guido Marino
Lorenzutti/emailAddress=glorenzutti_at_jusbaires.gov.ar

2010/03/23 00:39:47| clientNegotiateSSL: Error negotiating SSL
connection on FD 12: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned (1/-1)

Any ideas?
I don't think the problem is in the certificates, coz im using them on
an apache working like reverse proxy. But I would prefer having squid
for everything.

Tnxs in advance.
Received on Tue Mar 23 2010 - 03:47:19 MDT

This archive was generated by hypermail 2.2.0 : Tue Mar 23 2010 - 12:00:06 MDT