Happy New Year Henrik! I apologize if I didn't reply to you but I'm just come-back from holidays..... Reading your last reply now it is a little clear to me but before starting the adventure I would like to reassume the needed steps...and this could be already a mini-howtoo :))) 1) Squid configuration (from previous reply): http_port 80 defaultsite=the.public.hostname cache_peer ip.of.owa 80 0 no-query originserver extension_methods RPC_IN_DATA RPC_OUT_DATA should do it. the.public.hostname is the hostname clients request from the Internet. 2) SSl Certificate generation The simplest method for creating a self-signed certificate for OpenSSL is to run openssl req -new -x509 -out selfsigned.pem -keyout key.pem -nodes -days 365 and answer the simple questions asked by OpenSSL. If you want to be able to request a real certificate from a CA then use the following instead openssl req -new -out request.pem -keyout key.pem -nodes openssl req -x509 -in request.pem -out selfsigned.pem -key key.pem then send request.pem to the CA of your choice requesting a "real" certificate, and use selfsigned.pem until the CA process is completed.. 3) Squid certificate handle I suppose I also need: - to copy the certificate under etc mv key.* /usr/local/squid/etc/ - to instruct Squid about certificate with a directive like this: https_port 443 cert=/usr/local/squid/etc/key.crt \ key=/usr/local/squid/etc/key.key This should be enought. Is it all correct? Thanks -----Messaggio originale----- Da: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Inviato: sabato 23 dicembre 2006 12.55 A: Reale Marco Cc: Squid Users Oggetto: RE: R: [squid-users] Reverse proxy on Mail Server tor 2006-12-21 klockan 19:04 +0100 skrev Reale Marco: > Now I have isa server 2006 in which I imported a certificate (not > verified but self-generated by IIS); ISA "speak" with Exchange 2003 in > a secure network providing rpc over http authentication > > internet---->(https)----->isa with certificate(http)----->exchange > 2003 > > Really my doubts are not strectly related to (only) squid > configuration but to the certificate handling (in combination with > squid) > > Thus I asked for an how-too that explain simply how to replicate a > typical configuration like this (with certificate) You need to either make a new certificate for Squid, or manage to export it to PEM format from the ISA server if you want to keep the exact same certificate. But since the ISA certificate is self-signed you can just as well make a new certificate for Squid. The simplest method for creating a self-signed certificate for OpenSSL is to run openssl req -new -x509 -out selfsigned.pem -keyout key.pem -nodes -days 365 and answer the simple questions asked by OpenSSL. If you want to be able to request a real certificate from a CA then use the following instead openssl req -new -out request.pem -keyout key.pem -nodes openssl req -x509 -in request.pem -out selfsigned.pem -key key.pem then send request.pem to the CA of your choice requesting a "real" certificate, and use selfsigned.pem until the CA process is completed.. Regards Henrik
