Re: [squid-users] RE: squid-users Digest 11 Feb 2011 21:14:30 -0000 Issue 3732

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 14 Feb 2011 23:22:47 +1300

On 14/02/11 20:53, John Gardner wrote:
>> It does not matter where the files are generated. As long as they are
>> stored on the Squid box for Squid to access.
>>
>> For Squid you do not have to install anything into OpenSSL, which is
>> just a library.
>
> Thanks for the pointers Amos.
>
> Hopefully I'm going to attempt to do it this way;
>
> 1) Export the file from the Windows server as a .pfx file
> 2) Separate the private key from the .pfx file;
> openssl pkcs12 -in windows.pfx -out outputfile.txt -nodes
> 3) Extract the private key from outputfile.txt and store it as private.key
> 4) Then add the line to Squid;
> https_port 443 cert=/usr/newrprgate/CertAuth/verisign.cert key=/usr/newrprgate/CertAuth/private.key defaultsite=mywebsite.mydomain.com vhost
>
> Where;
> private.key = the original private key of the Windows server that generated the original request
> verisign.cert = the wildcard certificate back from Verisign
>
>
> Can anybdy see any immediate faults with doing it this way?
>
> Thanks
>
> John
>

That matches what I would expect to work.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.11
   Beta testers wanted for 3.2.0.4
Received on Mon Feb 14 2011 - 10:22:59 MST

This archive was generated by hypermail 2.2.0 : Mon Feb 14 2011 - 12:00:01 MST