Re: [squid-users] how to use sslproxy options

From: Anandha V <vanadha_at_gmail.com>
Date: Fri, 11 Nov 2011 07:24:30 +0530

Hi Amos

Thanks for your reply

I have made a reverse proxy setup as follows:

Client(https)-------(https)squid1(https)----(https)Originserver(8443)

I have made the Squid conf as follows and the setup works fine:

https_port 443 accel cert=/usr/local/myCA/certs/server.crt key=/usr/local/myCA/private/server.key
cache_peer originserver parent 8443 0 originserver ssl no-digest sslcafile=/usr/local/myCA/certs/myca.crt no-digest

Do I need to specify SSL certificates/key in the cache_peer using
sslcert and sslkey for the connections between Squid and the origin server
to be in HTTPS?

Or is just the CA certificate of the Apache enough?

Thanks,
Anandha V

On Fri, Nov 11, 2011 at 5:59 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 10/11/2011 6:00 p.m., Anandha V wrote:
>>
>> Hello all,
>>
>> In Squid I can find the following tags under SSL:
>> sslproxy_client_certificate,  sslproxy_client_key,  sslproxy_cafile
>>
>> In the reverse proxy configuration, can we assign certificates using
>> the above tags instead of using the following in the cache_peer
>> configuration: sslcert, sslkey, sslcafile?
>
> The global sslproxy_* directives control what Squid uses on DIRECT traffic
> when it needs to handle all the SSL/TLS details of a https:// URL.
>
> cache_peer contains settings for a specific hard-coded link between this
> Squid and another piece of software which can handle HTTP (proxy or origin
> server). SSL/TLS settings are some which can be set when that link needs to
> be encrypted.
>
> There is also a third location where SSL certs etc. are set up: on http_port,
> when Squid is the receiving end of SSL/TLS connections.
>
> Amos
>
>
Received on Fri Nov 11 2011 - 01:54:36 MST
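
The three places discussed in this thread, laid out in one squid.conf as an added example that is not part of the original messages. The file names squid-client.crt and squid-client.key are hypothetical; the other paths reuse the poster's layout.

```conf
# 1. Receiving side (client -> Squid): the server certificate and key
#    that Squid presents to browsers on the accelerated port.
https_port 443 accel cert=/usr/local/myCA/certs/server.crt key=/usr/local/myCA/private/server.key

# 2. Fixed link to one peer (Squid -> origin server on 8443).
#    ssl         encrypts this link.
#    sslcafile=  CA used to verify the certificate the origin presents.
cache_peer originserver parent 8443 0 originserver ssl no-digest sslcafile=/usr/local/myCA/certs/myca.crt

# 2b. The same link when the origin also asks Squid for a client
#     certificate (mutual TLS). sslcert=/sslkey= are the client
#     certificate and key Squid presents to this peer; they are not
#     what turns encryption on, "ssl" does that.
#     (hypothetical file names)
# cache_peer originserver parent 8443 0 originserver ssl no-digest sslcafile=/usr/local/myCA/certs/myca.crt sslcert=/usr/local/myCA/certs/squid-client.crt sslkey=/usr/local/myCA/private/squid-client.key

# 3. Global settings for DIRECT https:// traffic, where Squid itself
#    opens the TLS connection to whatever server the URL names.
#    These are separate from the per-peer options in section 2.
# sslproxy_cafile /usr/local/myCA/certs/myca.crt
# sslproxy_client_certificate /usr/local/myCA/certs/squid-client.crt
# sslproxy_client_key /usr/local/myCA/private/squid-client.key
```

`squid -k parse` checks the file for syntax errors before the running proxy is reconfigured.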
