> Hello, > > We have two proxies which allow our users access to the internet, one as > live box and one as a backup. Both boxes are running Gentoo and Squid 2.6 > STABLE16. Recently the live box was replaced with a new server. The OS and > Squid were installed as before with the same configuration file. It now > seems to have developed a problem when accessing HTTPS sites that require > a > certificate. When browsing to the site, it prompts for which certificate > to > use, then gives a little warning about how the hostname does not match the > URL and then loads half the page. After about 1-2mins, a 404 error is > produced in the areas which it hasn't loaded > <snip> > > Is there something obvious I should be checking? Sounds to me like a host name problem. running "squidclient mgr:info" on the live squid will give you the headers its sending out. Check for the name in X-Cache: and Via:. The visible hostname must match the one inside the certificate or the certificate will be seen as invalid. hostname is set either in the OS configuration /etc/hostname, or overridden in squid.conf with visible_hostname. > > I would have thought that even though I've installed a new OS which has > newer versions of bits and pieces than the backup one, this wouldn't make > much of a difference. Perhaps I'm wrong? Unless your squid.conf contains visible_hostname, the OS is in charge of the FQDN squid sends out as its identifier. HTH Amos
