Search squid archive

Re: Reverse and SSL cert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Is the certificate the same of exchange ?
(if yes) The same certificate will installed on squid and on exchange?
How to make the .pem certificate for squid?
You need to tell us more about your setup. Probably you want to terminate a SSL connection on the reverse-proxy and forward the request to an internal server that happens to run SSL. In this case the certificate the the external client will get is the one configured in the https_port directive. For the second SSL connection (presumably to Exchange) you need a second certificate, which is defined in the cache_peer directive. This cert is just used to identify squid the the exchange server. Another problem arises: if we are talking about OWA or RPCvia HTTP access to exchange, you need to make sure that the domain for the requests is the same all the time, i.e. the external client is requesting owa.domain.com which you are forwarding, say, to exchange.company.local. You must make sure that the these two domains map to one in DNS, otherwise the requests will fail. Plus the certificates need to reflect this ... there are commercial certificates where you can enter two different domain names into one cert.Look for "Subject Alternative Names (SAN)" certificates. You can use such a cert on squid and the exchange server.

Remark, not sure if it applies: If using Outlook as RPCvia HTTPS client, you will have trouble with self-signed certs. Outlook does not display a warning but just rejects the connection unless a self-signed cert has been accepted into the certificate store of the operating system e.g. by going through an IE certificate dialogue.

HTH,
Jakob Curdes


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux