I am trying to do the same thing. OWA works, but so far no joy with
RPCoHTTP. Do I have to do something in OL to make it accept the
certificate? The certs are purchased from godaddy.com. For each, I
appended the bundled gd_intermediate to the domain cert.

Also, in the example config for OWA, I am confused by the following:

acl OWA dstdomain owa_hostname
cache_peer_access owa_hostname allow OWA

Doesn't the 2nd line just grant access from owa_hostname to owa_hostname??

My current config (which works for OWA, but not RPCoHTTP):

extension_methods RPC_IN_DATA RPC_OUT_DATA

https_port public_ip_for_owa:443 cert=/usr/share/ssl/owa/combined.crt key=/usr/share/ssl/owa/owa.key defaultsite=owa.tld.com
https_port public_ip_for_rpc:443 cert=/usr/share/ssl/rpc/combined.crt key=/usr/share/ssl/rpc/rpc.key defaultsite=rpc.tld.com

cache_peer ip_of_exchange parent 80 0 no-query originserver front-end-https=auto login=PASS

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl OWA dstdomain owa.tld.com
acl RPC dstdomain rpc.tld.com

http_access allow manager localhost
http_access allow OWA
http_access allow RPC
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access deny all

http_reply_access allow all
icp_access deny all

miss_access allow OWA
miss_access allow RPC
miss_access deny all

cache_peer_access ip_of_exchange allow OWA
cache_peer_access ip_of_exchange allow RPC
cache_peer_access ip_of_exchange deny all

never_direct allow OWA
never_direct allow RPC

Thanks again,
Alan Lehman

> -----Original Message-----
> From: Odhiambo Washington [mailto:odhiambo@xxxxxxxxx]
> Sent: Monday, June 02, 2008 11:41 AM
> To: Squid users
> Subject: Re: Is it possible to have squid as do Proxy and
> OWA/RPCoHTTPS accelerator?
>
> On Mon, Jun 2, 2008 at 7:27 PM, Henrik Nordstrom
> <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
> > On mån, 2008-06-02 at 13:41 +0300, Odhiambo Washington wrote:
> >> (actually, this is supposed to be the only entry for cache_peer I am
> >> going to have?)
> >
> > If you only have one server, and that server is only talking http then
> > yes there is only a single cache_peer..
>
> Understood.
>
> >> That has worked. It also required a PEM passphrase. I hope this is not
> >> supposed to be another problem. These ssl stuff!
> >
> > You can configure the password in squid.conf if the PEM key is
> > encrypted, or easily decrypt it with the openssl rsa command.
>
> Understood as well.
>
> >> In my case, I don't have a certificate for the external hostname,
> >> which brings me back to the confusing issue regarding the certificate:
> >> I can make a self-signed certificate for the external hostname. Not a
> >> problem. However, does this mean I really don't need the internal
> >> certificate Exchange is using?
> >
> > Correct.
>
> Pooh! That was so confusing:-)
>
> >> Suppose:
> >>
> >> My Squid host is publicly known as mail.odhiambo.COM (IP of 1.2.3.4)
> >> My Exchange server is named msexch.msexch.odhiambo.BIZ (IP of 192.168.0.26)
> >>
> >> Given that both OWA and RPCoHTTPS are directed at these...
> >>
> >> What values should I use for the following variables (from the wiki):
> >>
> >> (a) owa_hostname?
> >
> > In https_port defaultsite you should use mail.odhiambo.COM as this is
> > what the clients are expected to connect to.
> >
> >> (b) ip_of_owa_server?
> >
> > The ip of your exchange/owa server.
> >
> >> (c) rpcohttp.url.com?
> >
> > Ignore. That example uses a setup with more Exchange servers, where OWA
> > is running on a separate server from Exchange.
> >
> >> (d) the_exchange_server?
> >
> > Ignore as above.
> >
> >> From there, I believe I will only get stuck at the ssl certificates
> >> step, which is where I am still a bit confused.
> >
> > Since you are not going to use a real certificate then issue yourself a
> > self-signed one using OpenSSL.
> >
> > openssl req -new -x509 -days 10000 -nodes -out mail.odhiambo.COM_selfsigned.pem -keyout mail.odhiambo.COM_key.pem
>
> Everything is all clear now.
>
> Will find good time to test this out and see how well it goes.
>
> Thank you very much, Amos and Henrik! That was quite some
> hand-holding. I really appreciate.
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
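
A small lint for accelerator configs shaped like the one in this thread, added here as an example (it is not from the thread or from the Squid project): it reports cache_peer_access lines that name a peer no cache_peer line defines, and access rules that reference an ACL that is never defined. The sample config is constructed, the function name is hypothetical, and treating "all" as a predefined ACL is an assumption.

```python
# Constructed sample using the thread's placeholders; the misspelled peer name
# on line 8 and the missing Safe_ports definition are there to be caught.
SAMPLE_CONF = """\
cache_peer ip_of_exchange parent 80 0 no-query originserver front-end-https=auto login=PASS
acl OWA dstdomain owa.tld.com
acl RPC dstdomain rpc.tld.com
http_access allow OWA
http_access allow RPC
http_access deny !Safe_ports
http_access deny all
cache_peer_access ip_of_exhcange allow OWA
cache_peer_access ip_of_exchange allow RPC
cache_peer_access ip_of_exchange deny all
"""

# Assumption: "all" is predefined, as in current Squid releases.
BUILTIN_ACLS = {"all"}

def lint_squid_conf(text):
    """Return [(line_no, message)] for undefined peer names and ACL names."""
    peers, acls, findings, rows = set(), set(BUILTIN_ACLS), [], []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if tok:
            rows.append((no, tok))
    # Pass 1: collect definitions (this lint does not check ordering).
    for no, tok in rows:
        if tok[0] == "acl" and len(tok) > 1:
            acls.add(tok[1])
        elif tok[0] == "cache_peer" and len(tok) > 1:
            # A name= option replaces the hostname as the peer's name.
            peers.add(next((t[5:] for t in tok[2:] if t.startswith("name=")), tok[1]))
    # Pass 2: check every reference against what was defined.
    for no, tok in rows:
        if tok[0] == "cache_peer_access" and len(tok) > 3:
            if tok[1] not in peers:
                findings.append((no, f"unknown cache_peer '{tok[1]}'"))
            refs = tok[3:]
        elif tok[0] in ("http_access", "miss_access", "never_direct") and len(tok) > 2:
            refs = tok[2:]
        else:
            continue
        for ref in refs:
            if ref.lstrip("!") not in acls:
                findings.append((no, f"undefined acl '{ref.lstrip('!')}'"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_squid_conf(SAMPLE_CONF):
        print(f"line {no}: {msg}")
```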