
Re: squid reverse proxy with ssl: access denied


Fri 2006-11-03 at 14:48 +0100, nick humphrey wrote:

> but as soon as i removed "sslflags=DONT_VERIFY_PEER" in the cache_peer
> line i was not able to connect to wl81machine from the internet, and
> the terminal window on wl81machine spat out stuff like this:

OpenSSL on your Squid did not know/trust the CA who has signed the key
of the web server. The list of trusted CAs can be defined in many
ways, i.e. cafile= or capath=, or even OpenSSL builtin default
locations.

cafile wants a file containing the public certificates of the trusted
CAs, in PEM format.

capath wants an OpenSSL hashed directory of CA certificates.

> it also works just fine with and without originserver in the
> cache_peer line...weird...it seems to make no difference.

The originserver option is a bit subtle. Most servers work kind of
acceptably without it, but not all. Also some protocol features like
persistent connections or authentication require it to be set properly.

> one question i still have though is, when something does go wrong, the
> error page shows the ip address to the internal machine. i don't want
> that. is that an error page template i need to edit to remove that?

Yes, it's in the error directory.

> how would i get it to display the external domain name instead (if
> possible)?

The available template codes can be found in the FAQ section on writing
custom error messages.

Regards
Henrik
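
An added example, not part of the original thread and not Squid's own code: a small Python check that reads cache_peer lines and reports the points raised in this reply (disabled peer verification, no explicit CA source, missing originserver). It assumes the cache_peer spellings sslcafile= and sslcapath= used by Squid 2.6/3.x for the cafile/capath options mentioned above; the configuration fragment, peer names and CA paths are constructed.

```python
import re

# Constructed squid.conf fragment; peer names and CA paths are placeholders.
SAMPLE_CONF = """\
# reverse proxy in front of the internal web server
cache_peer wl81machine parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=insecure
cache_peer wl81machine parent 443 0 no-query originserver ssl sslcafile=/etc/squid/internal-ca.pem name=pinned
cache_peer wl81machine parent 443 0 no-query ssl sslcapath=/etc/squid/ca.d name=hashed
cache_peer wl81machine parent 443 0 no-query originserver ssl name=defaults
cache_peer plain.example parent 80 0 no-query originserver name=http
"""

def audit_cache_peers(conf_text):
    """Return [(peer_name, [findings])] for every cache_peer line that uses ssl."""
    results = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop comments, then tokenize
        if len(tokens) < 5 or tokens[0] != "cache_peer":
            continue
        flags, kv = set(), {}
        for opt in tokens[5:]:                     # options follow host/type/ports
            key, sep, value = opt.partition("=")
            if sep:
                kv[key] = value
            else:
                flags.add(key)
        if "ssl" not in flags:
            continue                               # plain HTTP peer, nothing to verify
        findings = []
        if "DONT_VERIFY_PEER" in re.split(r"[,:]", kv.get("sslflags", "")):
            findings.append("peer certificate is not verified (sslflags=DONT_VERIFY_PEER)")
        elif not (kv.keys() & {"sslcafile", "sslcapath"}):
            findings.append("no sslcafile=/sslcapath=: trust depends on OpenSSL default CA locations")
        if "originserver" not in flags:
            findings.append("originserver not set")
        results.append((kv.get("name", tokens[1]), findings))
    return results

if __name__ == "__main__":
    for name, findings in audit_cache_peers(SAMPLE_CONF):
        print(name, "OK" if not findings else "; ".join(findings))
```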
