Hi
I already found out why this didn't work ... but I have another problem. I
have setup the SSL connection to use client certiticate authorisation like
this:
https_port webmail:443 \
defaultsite=webmail.foo.com vhost \
cert=/usr/local/etc/squid/certs/webmail.foo.com.pem \
clientca=/etc/CA/keys/ca.pem \
cafile=/etc/CA/keys/ca.pem \
crlfile=/etc/CA/keys/crl.pem \
capath=/usr/local/etc/squid/certs
I get this working up to the point that the servers asks the client for a
certificate then I get the error: SSL unknown certificate error 12
Probably this has something to do with the fact that I don't really
understand how I have to set the config ...
For what I understand:
1. clientca: has to point to the CA authority's certificate
2. cafile: absolutely not clear what goes inhere
3. capath: absolutely not clear what goes inhere (do I need it??)
TIA
Bert.
"Bert Moorthaemer" <bert.moorthaemer@xxxxxxxxxx> wrote in message
news:eisb0p$12g$1@xxxxxxxxxxxxxxxx
> Hi all!
>
> I have the following config for Squid2.6STABLE4:
>
> https_port webmail:443 cert=/usr/local/etc/squid/certs/webmail.foo.com.pem
> defaultsite=webmail.foo.com protocol=http vhost
>
> cache_peer x.x.x.x parent 80 0 no-query originserver front-end-https
> proxy-only
> cache_peer_domain x.x.x.x webmail.foo.com
>
> acl Websites type accelerated
> acl Website_domains dstdomain webmail.foo.com
>
> http_access allow Websites Website_domains
> http_access deny Websites
>
> The problem is that is can't authenticate with my Exchange Server. When I
> get the login dialog from my Exchange Server and enter the *right*
> credentials I get an access denied after 3 tries. Do I have a config
> problem here???
>
> Next to this I also get a certificate error in my browser claiming that
> the cerfiticate could not be verified properly. I have a valid VeriSign
> signed certificate for this website .... can this be a problem of IE 7??
>
> TIA
>
> Bert.
>
>
>
