> -----Original Message-----
> From: John Gardner [mailto:John.Gardner@xxxxxxxxxxxxxxxxxxxx]
> Sent: Monday, February 14, 2011 8:25 AM
> To: Dean Weimer; squid-users@xxxxxxxxxxxxxxx
> Subject: RE: Reverse Proxy and Externally Generated Wildcard
> SSL Certificates
>
> > John,
> > I believe what you need to do is export the Certificates from the IIS
> > servers, they will be saved in a .pfx file, which is the PKCS12 format.
> > OpenSSL can convert these into the PEM format that squid supports, these
> > commands will give you the desired output.
> >
> > Exports the Certificate:
> > openssl pkcs12 -in server.pfx -out server.crt -nodes -nokeys -clcerts
> >
> > Exports the Private Key (Note will not be encrypted, store in safe place):
> > openssl pkcs12 -in server.pfx -out server.key -nodes -nocerts -clcerts
> >
> > The openssl man page and the pkcs12 man page will have more information
> > about these options if you need them.
> > Dean
>
> Thanks for the help, but I've just found out that the CSR (and therefore
> private key) were all generated from a Juniper VPN Appliance and so now all
> bets are off :-/
>
> Cheers
>

They may already be stored in PEM format then; the JUNOS that runs on most Juniper devices was originally derived from FreeBSD and as such its SSL implementation is likely based on OpenSSL (of course that's just a guess). I haven't worked on any Juniper devices myself, so I am of no help in figuring out how to export them.

If they were generated on the Juniper VPN appliance, is that device already doing HTTPS offloading for you? You might not get the desired benefit moving that to a Squid proxy server if it is; perhaps just placing the proxy between the VPN appliance and the backend web server to utilize the cache would give you the desired outcome without needing to move the SSL.

Thanks,
Dean Weimer
Network Administrator
Orscheln Management Co
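
The PKCS12-to-PEM conversion quoted in this thread, as an added example that is not part of the original messages: it runs the same two exports with a restrictive umask, then checks that the exported key really belongs to the exported certificate before either file is handed to Squid. The function names, output file names, the PFX_PASS variable and the throwaway test certificate are assumptions made up for the example.

```shell
#!/bin/sh
# Added example. Function names, file names and PFX_PASS are assumptions.
# The PFX password is read from the exported variable PFX_PASS, not from argv,
# so it does not show up in the process list.

# pfx_to_pem PFX OUTDIR: write OUTDIR/server.crt and OUTDIR/server.key
pfx_to_pem() {
    (
        umask 077   # outputs are created mode 0600; the key is unencrypted
        openssl pkcs12 -in "$1" -passin env:PFX_PASS \
            -nodes -nokeys -clcerts -out "$2/server.crt" 2>/dev/null &&
        openssl pkcs12 -in "$1" -passin env:PFX_PASS \
            -nodes -nocerts -out "$2/server.key" 2>/dev/null
    )
}

# pair_matches CERT KEY: succeed only if KEY's public half is the one in CERT
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_sample_pfx DIR: constructed throwaway wildcard cert bundled as server.pfx
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=*.example.test" \
        -keyout "$1/orig.key" -out "$1/orig.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/orig.key" -in "$1/orig.crt" \
        -passout env:PFX_PASS -out "$1/server.pfx" 2>/dev/null
}

# Stand-alone use: PFX_PASS=... sh convert.sh server.pfx OUTDIR
if [ "$#" -eq 2 ]; then
    if pfx_to_pem "$1" "$2" && pair_matches "$2/server.crt" "$2/server.key"; then
        echo "certificate and key match"
    else
        echo "conversion failed or key does not match certificate" >&2
        exit 1
    fi
fi
```
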