here's some of what was in the cache.log: ------------- Initialising SSL. Using certificate in /usr/local/squid/etc/key.crt Using private key in /usr/local/squid/etc/key.key Initialising SSL. NOTICE: Peer certificates are not verified for validity! DNS Socket created at 0.0.0.0, port 32786, FD 7 Adding domain lan from /etc/resolv.conf Adding nameserver 192.168.0.1 from /etc/resolv.conf Accepting HTTPS connections at 0.0.0.0, port 8080, FD 8. Accepting ICP messages at 0.0.0.0, port 3130, FD 10. WCCP Disabled. Loaded Icons. Ready to serve requests. Failed to select source for 'https://192.168.0.150:8080/' always_direct = 0 never_direct = 0 timedout = 0 ... clientNegotiateSSL: Error negotiating SSL connection on FD 12: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1) ------------------ i'm not sure about that last line, it came in at 6 am so it is probably a bot or something (this is a public site)... so i'm guessing always_direct should be 1 or is that irrelevant? (how would i set that?) 2006/11/2, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>:
ons 2006-11-01 klockan 16:24 +0100 skrev nick humphrey: > het (our local network) > > i have a weblogic server 8.1 (wl81machine) in our intranet running a > ssl/https site (we're testing out verisign ssl). > > i also have installed squid 2.6 STABLE4 (with --enable-ssl) on debian > 3 (deb3machine) > > squid is acting as a reverse proxy to wl81machine, basically just > sending requests back and forth, no caching or anything, on port 8080. Ok. > when i try to access wl81machine from the internet i get an access > denied error and it shows the ip address to wl81machine without the > port: > " > while trying to retrieve the url: https://192.168.0.150 > the following error was encountered: > access denied > ... > " Anything in cache.log? > i know this is got to be something wrong with my squid.conf: > #-----START--------- > https_port 8080 cert=/usr/local/squid/etc/key.crt > key=/usr/local/squid/etc/key.key defaultsite=192.168.0.150 defaultsite should be the official site name, i.e. the same as you have in the cert. The server Squid should connect to is defined by cache_peer. Which I couldn't find any in your config btw... Regards Henrik
