On Monday 22 March 2010 21:47:05, Guido Marino Lorenzutti wrote:
> Hi people: I'm trying to give my clients access to my non ssl
> webservers thru my reverse proxies adding ssl support on them.
>
> Like the subject tries to explain:
>
> WAN CLIENTS --- SSL SQUID (443) --- NON SSL webserver (80).
>
> This is the relevant part of the squid.conf:
>
> https_port 22.22.22.22:443 cert=/etc/squid/crazycert.domain.com.crt
> key=/etc/squid/crazycert.domain.com.key
> defaultsite=crazycert.domain.com vhost
> sslflags=VERIFY_CRL_ALL,VERIFY_CRL cafile=/etc/squid/ca.crt
> clientca=/etc/squid/ca.crt
>
> cache_peer crazycert.domain.com parent 80 0 no-query proxy-only
> originserver login=PASS
>
> I'm using a self signed certificate and the squid should not allow the
> connection if the client does not have a valid key.
>
> When I try to connect I get this error:
>
> 2010/03/23 00:39:47| SSL unknown certificate error 3 in
> /C=AR/ST=Buenos Aires/L=Ciudad Aut\xF3noma de Buenos Aires/O=Consejo
> de la Magistratura de la C.A.B.A./OU=Direcci\xF3n de Inform\xE1tica y
> Tecnolog\xEDa/CN=Guido Marino
> Lorenzutti/emailAddress=glorenzutti@xxxxxxxxxxxxxxxx
>
> 2010/03/23 00:39:47| clientNegotiateSSL: Error negotiating SSL
> connection on FD 12: error:140890B2:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned (1/-1)
>
> Any ideas?
> I don't think the problem is in the certificates, coz I'm using them on
> an apache working like reverse proxy. But I would prefer having squid
> for everything.
>
> Tnxs in advance.

You cant look for apache fake-ssl mod to do that
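Added example configuration, not part of the original thread and not taken from the Squid project: the number in "SSL unknown certificate error 3" is OpenSSL's verify code `X509_V_ERR_UNABLE_TO_GET_CRL`, and the posted `https_port` line turns CRL checking on without loading any CRL. The `crlfile` path below is an assumption, and the fragment shows the posted line beside two ways to make it consistent.

```conf
# Added example. /etc/squid/ca.crl is an assumed path, not from the thread.
# Only one https_port line for this address may be active at a time.

# As posted (kept here for comparison, commented out):
# sslflags requests CRL checks, but no CRL source (crlfile= or CRLs in capath=)
# is configured, so verification of the client certificate stops with
# OpenSSL error 3 (X509_V_ERR_UNABLE_TO_GET_CRL) and the handshake is refused.
# https_port 22.22.22.22:443 cert=/etc/squid/crazycert.domain.com.crt key=/etc/squid/crazycert.domain.com.key defaultsite=crazycert.domain.com vhost sslflags=VERIFY_CRL_ALL,VERIFY_CRL cafile=/etc/squid/ca.crt clientca=/etc/squid/ca.crt

# Option A: keep revocation checking and give squid the CA's CRL.
# The CRL must be a PEM file issued by the same CA that signs the client
# certificates (for example one produced with "openssl ca -gencrl"). It has to
# be reissued before its nextUpdate time and squid reconfigured, otherwise
# client certificates start failing verification again.
https_port 22.22.22.22:443 cert=/etc/squid/crazycert.domain.com.crt key=/etc/squid/crazycert.domain.com.key defaultsite=crazycert.domain.com vhost sslflags=VERIFY_CRL_ALL,VERIFY_CRL cafile=/etc/squid/ca.crt clientca=/etc/squid/ca.crt crlfile=/etc/squid/ca.crl

# Option B: no revocation checking. clientca= still makes squid request a
# client certificate and verify it against ca.crt, but a revoked certificate
# is accepted until it expires.
# https_port 22.22.22.22:443 cert=/etc/squid/crazycert.domain.com.crt key=/etc/squid/crazycert.domain.com.key defaultsite=crazycert.domain.com vhost cafile=/etc/squid/ca.crt clientca=/etc/squid/ca.crt

cache_peer crazycert.domain.com parent 80 0 no-query proxy-only originserver login=PASS
```

Option A is the one that matches the stated goal of refusing clients without a valid key, since it also lets the CA cut off a lost or compromised client certificate.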