Hi Amos,

Thanks for the response. I tried using:

https_port 443 accel defaultsite=ccapi.client.qvalent.com cert=C:\certificate\mycert.pem
cache_peer ccapi.client.qvalent.com parent 443 0 no-query login=PASS ssl sslcert=C:\payway\ccapi.pem

The transactions still did not work and when I checked the Squid
cache.log, I found a message that says "commBind: Cannot bind socket
FD 15 to *:443: (10013) WSAEACCES, Permission denied" - please let me
know if this is a problem and if there is a way to work around this
issue.

Thanks,
KB.

On Tue, Feb 1, 2011 at 7:52 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 01/02/11 09:01, Qvalpro Solutions wrote:
>>
>> Hi Amos,
>>
>> Thanks for the detailed response. I tried configuring Squid, but
>> couldn't get it working yet.
>>
>> Can you please elaborate "You setup Squid as a reverse-proxy and make
>> old billing application believe Squid is the Payway system. Usually
>> via DNS". Sorry if this sounds dumb.
>>
>> Steps followed by myself:
>> 1. Downloaded Squid 2.7 STABLE8 (reverse proxy with SSL support) and
>> installed it in my windows server which has the billing application
>> 2. Started the Squid service and stored the Payway's digital
>> certificate inside the "payway" directory in C: of the windows server
>> 3. Added the following options to the squid.conf file:
>> https_port accel defaultsite=https://ccapi.client......./ccapi cert=C:\payway\ccapi.pem
>
> defaultsite is the domain name only. i.e. defaultsite=ccapi.example.com
>
>> cache_peer ssl sslcert=C:\payway\ccapi.pem
>
> I presume this works like all the other web API billing systems I've seen.
> With the client connecting to you like so?
>   client -> billing -> squid -> payway
>
> In which case you would use:
>   https_port 443 accel defaultsite=ccapi.example.com sslcert=<something-self-signed>
>   cache_peer ccapi.example.com parent 443 0 no-query ssl sslcert=...
>
> to produce:
>   client -> billing --(SSL internal unverified)--> squid --(SSL certificate verified)--> payway
>
> The sslcert= for the https_port line can be something self-signed that the
> billing system trusts but nobody anywhere else knows about. By default squid
> will accept any client who can perform SSL.
>
> If the billing system can be configured to use a proxy for internet access
> that is even better, you can remove the http_port line tricks and just use
> "http_port 3128" and "never_direct allow all".
>
> OR, you could make the billing->squid section work without SSL at all. Just
> make sure the billing system works with http:// URLs and setup http_port 80
> accel defaultsite=.
>
>> 4. Tried to initiate a test transaction from the billing application,
>> but it didn't work.
>>
>> Assumptions made:
>> 1. I have stored the Payway related details (aforementioned https URL,
>> username, password & Merchant ID for the API) in the billing system
>> installed in the windows server. I hope that when the billing
>> application tries to process a credit card payment, the proxy will
>> automatically take over the transaction.
>> 2. I have not added the username/password of the API to the Squid
>> configuration. Please let me know if I need to add the details in
>> Squid proxy too and if yes, kindly provide me the syntax to be used.
>>
>
> Most types of auth you will only need "login=PASS" (exact text) on the
> cache_peer line and the credentials at the billing system end point.
>
>> Please let me know if I am going in the right direction.
>>
>> Thanks,
>> KB.
>>
>> On Fri, Jan 28, 2011 at 11:08 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx>
>> wrote:
>>>
>>> On 28/01/11 07:48, Qvalpro Solutions wrote:
>>>>
>>>> Hi Folks,
>>>>
>>>> I just started exploring Squid proxy and I am clueless of how to use
>>>> Squid in my setup.
>>>>
>>>> Some background on why I am trying to use the Squid proxy:
>>>> I have a billing application installed in a windows server. This
>>>> particular billing application uses some proprietary file system,
>>>> which cannot be customized. I have purchased a Payway API account
>>>> (Payway API is nothing but a payment processing system for credit
>>>> cards) for using with the billing application. I just noticed that the
>>>> Payway API needs a digital certificate to be installed for processing
>>>> the payments. Unfortunately, my billing application doesn't allow any
>>>> certificate installation. When I spoke to the billing application
>>>> development company and Payway, they suggested that I use the Squid
>>>> proxy to work around the problem. I was also told that the Squid proxy
>>>> can provide the client certificate.
>>>>
>>>> As I don't have adequate exposure to setting up proxy servers, I have
>>>> the following questions:
>>>> 1. Can I install the Squid proxy in the same server where my billing
>>>> application is located?
>>>
>>> Yes.
>>>
>>> Additional problem though: Windows Squid builds only have experimental
>>> SSL support and are limited to squid-2.7 for now.
>>>
>>> If you need to do this for Windows please contact Guido at Acme
>>> Consulting (http://squid.acmeconsulting.it/) for support.
>>>
>>>> 2. How do I connect the billing application to the Squid Proxy? Do I
>>>> need to use some port for this and how am I supposed to connect the
>>>> Squid Proxy to the Payway API?
>>>
>>> You setup Squid as a reverse-proxy and make old billing application
>>> believe Squid is the Payway system. Usually via DNS. Squid handles the
>>> rest once requests are arriving nicely to it.
>>>
>>> Start with this:
>>> http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
>>> it covers the very simple config just to get an accelerator working.
>>> Stuff like SSL require additional config.
>>>
>>>> 3. How do I install the digital certificate provided by Payway in the
>>>> Squid proxy and what format of digital certificate is to be used -
>>>> .net or PHP or ASP or something else?
>>>
>>> Squid uses .PEM format certificates.
>>>
>>> After doing the setup from your question 2. You configure Squid to use
>>> them with additional options on the cache_peer line.
>>> Set the "ssl" flag to enable SSL on the link then any of the other ssl*=
>>> options as needed by the Payway system.
>>>
>>> http://www.squid-cache.org/Doc/config/cache_peer/
>>>
>>> (snipped Q4-6 since they are answered above as well).
>>>
>>> Amos
>>> --
>>> Please be using
>>> Current Stable Squid 2.7.STABLE9 or 3.1.10
>>> Beta testers wanted for 3.2.0.4
>>>
>
>
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.10
> Beta testers wanted for 3.2.0.4
>
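
The two-leg layout discussed in this thread (billing -> squid with a self-signed certificate, squid -> payway with the Payway client certificate), written out as one squid.conf fragment. This is an added example, not part of the original messages or of the Squid project's documentation. It assumes ccapi.example.com stands in for the real Payway hostname, that the two PEM paths from the thread each hold a certificate together with its private key, and that the billing application runs on the same server as Squid.

```conf
# Added example, not from the thread. Hostname is a placeholder; the PEM
# paths are the ones quoted in the thread and are assumed to contain both
# the certificate and its private key (otherwise add key= / sslkey=).

# Leg 1: billing application -> Squid.
# https_port takes its certificate through cert=. Because Squid accepts any
# client that can complete SSL on this port, the listener is bound to
# loopback only (assumption: the billing application is on this same host).
https_port 127.0.0.1:443 accel defaultsite=ccapi.example.com cert=C:\certificate\mycert.pem

# Leg 2: Squid -> Payway.
# "ssl" turns on SSL towards the peer and sslcert= presents the client
# certificate issued by Payway. login=PASS relays the API credentials that
# the billing application sends, so none are stored in squid.conf.
cache_peer ccapi.example.com parent 443 0 no-query originserver login=PASS ssl sslcert=C:\payway\ccapi.pem name=payway

# Accept requests for the Payway site only, and hand them to that peer only.
# ("acl all src all" is expected to come from the stock squid.conf.)
acl payway_site dstdomain ccapi.example.com
http_access allow payway_site
http_access deny all
cache_peer_access payway allow payway_site
cache_peer_access payway deny all

# Do not let Squid go direct to the origin, which would bypass the peer
# link and with it the client certificate.
never_direct allow all
```

After editing, `squid -k parse` checks the file for syntax errors before the service is restarted.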