Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
Luis Daniel Lucio Quiroz wrote:
On Monday 22 March 2010 21:47:05, Guido Marino Lorenzutti wrote:
Hi people: I'm trying to give my clients access to my non ssl
webservers through my reverse proxies adding ssl support on them.
Like the subject tries to explain:
WAN CLIENTS --- SSL SQUID (443) --- NON SSL webserver (80).
This is the relevant part of the squid.conf:
https_port 22.22.22.22:443 cert=/etc/squid/crazycert.domain.com.crt
key=/etc/squid/crazycert.domain.com.key
defaultsite=crazycert.domain.com vhost
sslflags=VERIFY_CRL_ALL,VERIFY_CRL cafile=/etc/squid/ca.crt
clientca=/etc/squid/ca.crt
"cafile=" option overrides the "clientca=" option and contains a
single CA to be checked.
Set clientca= to the file containing the officially accepted global
CA certificates. The type used for multiple certificates is a .PEM
file if I understand it correctly.
If you have issued the clients with certificates signed by your own
custom CA, then add that to the list as well.
I will assume that you know how to do that since you are requiring it.
Well, with your suggestion now I can connect. But it seems that
something is missing. I can connect with any browser, with or without
any cert installed on them.
Maybe the VERIFY_CRL_ALL,VERIFY_CRL doesn't work as I expected?
Any ideas?
Thanks in advance.
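
An added example, not part of the thread and not Squid project code: a small lint for the client-certificate options on an https_port line, run over the directive quoted above. The function names and finding labels are hypothetical, and the meanings given to clientca=, crlfile= and capath= are assumptions taken from the Squid https_port documentation.

```python
import shlex

# Constructed sample: the https_port directive quoted in the thread, joined
# onto one logical line (the e-mail wrapped it across several).
SAMPLE = (
    "https_port 22.22.22.22:443 cert=/etc/squid/crazycert.domain.com.crt "
    "key=/etc/squid/crazycert.domain.com.key "
    "defaultsite=crazycert.domain.com vhost "
    "sslflags=VERIFY_CRL_ALL,VERIFY_CRL cafile=/etc/squid/ca.crt "
    "clientca=/etc/squid/ca.crt"
)

def parse_https_port(line):
    """Return (listen address, key=value options, bare flags) for one directive."""
    tokens = shlex.split(line, comments=True)
    if len(tokens) < 2 or tokens[0] != "https_port":
        raise ValueError("not an https_port directive")
    opts, bare = {}, []
    for tok in tokens[2:]:
        key, sep, value = tok.partition("=")
        if sep:
            opts[key] = value
        else:
            bare.append(tok)
    return tokens[1], opts, bare

def audit_client_auth(line):
    """List client-certificate settings on the line that deserve a second look."""
    _, opts, _ = parse_https_port(line)
    flags = [f for f in opts.get("sslflags", "").split(",") if f]
    findings = []
    if "clientca" not in opts:
        # Assumption (Squid docs): without clientca= no client cert is requested.
        findings.append("no-clientca")
    elif "cafile" in opts:
        # The reply in the thread: cafile= overrides clientca=.
        findings.append("cafile-and-clientca")
    if any(f.startswith("VERIFY_CRL") for f in flags) and not (
        {"crlfile", "capath"} & opts.keys()
    ):
        # CRL checking is switched on but the line names no CRL source.
        findings.append("crl-flags-without-crl-source")
    return findings

if __name__ == "__main__":
    for finding in audit_client_auth(SAMPLE):
        print(finding)
```

A finding here is a prompt to review the line, not proof of how the running proxy behaves; confirming that a connection without a client certificate is refused still needs a test against the listener.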