You can see from my title what I'm trying to do. Basically, just channel HTTPS/SSL traffic from internet users through a Squid reverse proxy to a backend RH9 server running WebLogic using a free trial Verisign certificate. Both machines are in the same internal network (same IP scheme).

I've got things working, except for verifying the peer (WebLogic): http://norgesinternettforum.no/showpost.php?p=2652&postcount=2

I have been reading online for 8 hours a day the last 3-4 days and am about to throw in the towel and just run this biotch without verifying the peer, but Henrik Nordström says that this exposes me to a man-in-the-middle attack. Who would an attacker be getting in the middle between, and how would he decrypt encrypted traffic?

What is Squid's actual role in this type of environment? Is Squid verifying external users? If so, then I would think that I should have created a CSR (certificate signing request) from the Debian machine running Squid and submitted that to Verisign instead of from the RH9 machine, because I thought that an SSL only works on one machine. But then how would I run HTTPS on WebLogic without an SSL certificate?

Nick