Thanks for the previous post. I made the suggested changes to squid.conf, but I still cannot connect. Now in the Web browser I am getting:
Failed to establish a secure connection to owaServer
The system returned (71) Protocol error
On the Squid server I am seeing a bunch of the following:
fwdNegotiateSSL: Error negotiating SSL connection on FD 12: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
Is this a configuration error with Squid or an issue with my certificates? I have one SSL certificate for mail.myco.com, which I purchased for the Exchange server. Following the instructions in a previous post, I exported the certificate on the Exchange server, copied the pfx file to the Squid server and used OpenSSL to convert it to a private pem file, which I stored in etc/ssl/private, a public pem file, which I stored in etc/ssl/certs, and a server.key file, which is stored in etc/ssl.
Below is the current squid.conf file:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 25.0.0.0/8 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 25 #
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
https_port 25.36.2.33:443 accel cert=/etc/ssl/certs/mail.myco.com.pem key=/etc/ssl/server.key defaultsite=mail.myco.com
cache_peer 25.36.2.32 parent 443 0 no-query originserver login=PASS ssl sslcert=/etc/ssl/certs/mail.myco.com.pem sslkey=/etc/ssl/server.key name=owaServer
** I tried the above line with connection-auth=on (and off)
*** I tried both of the following lines at different times ***
acl OWA dstdomain mail.myco.com
acl OWA dst 25.36.2.32/32
cache_peer_access owaServer allow OWA
never_direct allow OWA
http_access allow OWA
http_access allow localnet
http_access allow localhost
# Squid normally listens to port 3128
http_port 3128
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/cache/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
Received on Thu Jan 27 2011 - 00:21:39 MST
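
The fwdNegotiateSSL error above is logged when Squid, acting as the TLS client towards the cache_peer, rejects the certificate the peer presents. As an added example (not part of the original post and not the poster's configuration), these are the cache_peer options that control that check, with the weak setting beside a verified one; the CA file path is an assumed placeholder, all other values are taken from the squid.conf above. Use one line or the other, not both.

```conf
# Added example, not the poster's configuration.
# sslcert=/sslkey= on cache_peer select a client certificate that Squid
# presents to the peer; they play no part in verifying the peer's certificate.

# Weak: verification switched off. The error goes away, but Squid then accepts
# any certificate from whatever answers on 25.36.2.32:443.
cache_peer 25.36.2.32 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER name=owaServer

# Verified: trust the issuing CA chain and state the name in the certificate.
#   sslcafile=  PEM file holding the CA certificate(s) that issued the Exchange
#               certificate (assumed placeholder path)
#   ssldomain=  name expected in the peer certificate; when it is not given,
#               Squid compares the certificate with the cache_peer host,
#               which here is an IP address
cache_peer 25.36.2.32 parent 443 0 no-query originserver login=PASS ssl sslcafile=/etc/ssl/certs/issuing-ca-chain.pem ssldomain=mail.myco.com name=owaServer
```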