Search squid archive

Re: Can't get SSL proxy to work with MS Exchange OWA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Anybody?

TIA

Bert.

"Bert Moorthaemer" <bert.moorthaemer@xxxxxxxxxx> wrote in message 
news:eisifi$rah$1@xxxxxxxxxxxxxxxx
> Hi
>
> I already found out why this didn't work ... but I have another problem. I 
> have setup the SSL connection to use client certiticate authorisation like 
> this:
>
> https_port webmail:443 \
>        defaultsite=webmail.foo.com vhost \
>        cert=/usr/local/etc/squid/certs/webmail.foo.com.pem \
>        clientca=/etc/CA/keys/ca.pem \
>        cafile=/etc/CA/keys/ca.pem \
>        crlfile=/etc/CA/keys/crl.pem \
>        capath=/usr/local/etc/squid/certs
>
> I get this working up to the point that the servers asks the client for a 
> certificate then I get the error: SSL unknown certificate error 12
>
> Probably this has something to do with the fact that I don't really 
> understand how I have to set the config ...
> For what I understand:
> 1. clientca: has to point to the CA authority's certificate
> 2. cafile: absolutely not clear what goes inhere
> 3. capath: absolutely not clear what goes inhere (do I need it??)
>
> TIA
>
> Bert.
>
>
>
> "Bert Moorthaemer" <bert.moorthaemer@xxxxxxxxxx> wrote in message 
> news:eisb0p$12g$1@xxxxxxxxxxxxxxxx
>> Hi all!
>>
>> I have the following config for Squid2.6STABLE4:
>>
>> https_port webmail:443 
>> cert=/usr/local/etc/squid/certs/webmail.foo.com.pem 
>> defaultsite=webmail.foo.com protocol=http vhost
>>
>> cache_peer x.x.x.x parent 80 0 no-query originserver front-end-https 
>> proxy-only
>> cache_peer_domain x.x.x.x webmail.foo.com
>>
>> acl Websites type accelerated
>> acl Website_domains dstdomain webmail.foo.com
>>
>> http_access allow Websites Website_domains
>> http_access deny Websites
>>
>> The problem is that is can't authenticate with my Exchange Server. When I 
>> get the login dialog from my Exchange Server and enter the *right* 
>> credentials I get an access denied after 3 tries. Do I have a config 
>> problem here???
>>
>> Next to this I also get a certificate error in my browser claiming that 
>> the cerfiticate could not be verified properly. I have a valid VeriSign 
>> signed certificate for this website .... can this be a problem of IE 7??
>>
>> TIA
>>
>> Bert.
>>
>>
>>
>
>
>
>
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux