On fre, 2007-09-21 at 12:31 +0100, Gordon McKee wrote: > here are the squid.conf line > https_port 82.36.186.17:443 > cert=/usr/local/etc/squid/sslcert/opl20070919.pem ca > file=/usr/local/etc/squid/sslcert/opl-all.pem name=opls > defaultsite=www.optimalp > rofit.com > > cache_peer 192.168.0.11 parent 443 0 no-query originserver login=PASS > nam > e=opls ssl sslcert=/usr/local/etc/squid/sslcert/opl20070919.pem > cache_peer_domain opls www.optimalprofit.com > 2007/09/21 12:24:41| fwdNegotiateSSL: Error negotiating SSL connection on FD > 19: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate > verify failed (1/-1/0) > 2007/09/21 12:24:41| TCP connection to 192.168.0.11/443 failed > You need to move cafile from https_port to cache_peer. It's the peers certificate which is rejected. It's not needed in https_port. Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part