On Mon, 2008-06-02 at 11:09 +0300, Odhiambo Washington wrote:

> it, especially because Outlook needs the https:// URI. However, as we
> are going to do the SSL offloading on the accelerator, I believe
> http:// would suffice.

It will, but you need to configure Squid cache_peer with the front-end-https=auto option to let OWA know there is an SSL frontend doing https->http translation.

> The certificate required in the Squid config MUST be in pem format??

Yes.

> That is where my problem is. When I read about exporting the
> certificate used in the exchange server, all I was able to get is a
> .pfx certificate. Not sure if squid will accept this as-is, or should
> I just blindly try?:-)

pfx archives are binary encrypted archives of both the certificate and private key. Used for transferring a certificate from one server to another in a reasonably secure manner.

It can be converted to PEM files by using the openssl tool.

    openssl pkcs12 -in file.pfx -out file.pem

It will ask you for the export password (encryption key).

> Let me take another stab at this question, so as to be clear:
> In both config examples, there is the following specification:
>
> https_port ip_of_squid:443 cert=/path/to/certificate/
> defaultsite=owa_hostname (the OWA example)
> https_port ip_of_squid:443 cert=/path/to/certificate
> defaultsite=rpcohttp.url.com (the RPCoHTTPS example)

defaultsite SHOULD be the external hostname the clients connect to, which usually is the same name as the certificate is issued to. If unsure, use vhost instead.

Note: There can only be one https_port per ip:port combination. But quite likely the same can be used both for OWA and RPCoHTTP even if you have OWA and Exchange on different servers... (which you don't, you have them both on the same server)

Regards
Henrik
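A structural check for the file that the pkcs12 conversion above produces, run before cert= is pointed at it. This is an added example, not part of the original message: the function names check_pem_bundle and write_samples and the sample files are constructed for illustration, and it assumes the combined certificate-and-key file implied by the quoted cert= lines.

```sh
#!/bin/sh
# Added example: structural check of a PEM bundle converted from a .pfx.
# Prints one status word; returns 0 only for "ok".
check_pem_bundle() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }

    # At least one certificate block must be present.
    grep -q '^-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "no-certificate"; return 1; }

    # Any key block: PKCS#8 ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY") or
    # traditional ("RSA PRIVATE KEY", "EC PRIVATE KEY").
    grep -q '^-----BEGIN .*PRIVATE KEY-----' "$f" ||
        { echo "no-private-key"; return 1; }

    # Passphrase-protected key: PKCS#8 encrypted header, or the
    # traditional format's "Proc-Type: 4,ENCRYPTED" line.
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "key-encrypted"; return 1
    fi

    # A clear-text key is in the file: group and others must have no access.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key-exposed"; return 1; }
    echo "ok"
}

# Constructed sample bundles (placeholder bodies, not real key material).
write_samples() {
    d=$1
    printf '%s\n' 'Bag Attributes' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$d/cert-only.pem"
    { cat "$d/cert-only.pem"
      printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
          'Q09OU1RSVUNURUQ=' '-----END ENCRYPTED PRIVATE KEY-----'
    } > "$d/encrypted.pem"
    { cat "$d/cert-only.pem"
      printf '%s\n' '-----BEGIN PRIVATE KEY-----' \
          'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----'
    } > "$d/clear.pem"
    chmod 644 "$d/cert-only.pem" "$d/encrypted.pem" "$d/clear.pem"
}

# Usage: sh check_pem.sh /path/to/file.pem
if [ "$#" -gt 0 ]; then check_pem_bundle "$1"; fi
```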