Hi All, Hope some-one out there would be able to assist me. We are currently running squid 2.7 Stable 8 build on a windows2003 Server. We had to renew Certificate on the Squid reverse proxy. In the past we just had to specify the cert and key value, but Thawte has recently changed their certificate model and now I need to specify the path to the Thawte root CA certificate as well. This portion of my config file looks like this: https_port 1.1.1.1:443 accel cert=c:/squid/etc/2010thawte.pem key=c:/squid/etc/2010key.pem cafile=c:/squid/ssl/ca/rootCA.pem When I parse the config file, it returns no errors, and I can stop and start the squid service without any problems. Browsing the site though generates a certificate error, and it seems as if the rootCA certificate can't be found. (IN IE the error is : The Certificate cannot be verified up to a trusted certification Authority) If I remove the portion "cafile=c:/squid/ssl/ca/rootCA.pem" from my config file, and restart the service, I get the same error. It almost seems as if squid is ignoring the cafile entry? Is there anyone out there who can assist me, or guide me in the correct direction? Am I using the cafile command correctly, or should I be using the capath entry? Is there a specific naming convention I should use for the rootCA and intermediate Thawte certificate if I want to make use of the capath entry? Any advice would be great.. Thanks Ed ##################################################################################### Scanned by MailMarshal - M86 Security's comprehensive email content security solution. Download a free evaluation of MailMarshal at www.m86security.com ##################################################################################### News24 Headlines - 'Penis cops' sentenced to 205 years (2010-09-29 11:46) view on http://n24.cm/dxLKUs - Rhinos are now being poisoned (2010-09-29 11:03) view on http://n24.cm/aLyjKP - Pienaar linked with Juventus (2010-09-29 12:11) view on http://n24.cm/acGx6x www.news24.com
