hi there. i have to set up a squid3 (built with enable-ssl) to accept requests from outlook for an exchange server and redirect them there. but i have a little trouble knowing which certificates i need all in all and which one of them to put where. when directly accessing the exchange server owa ith a web browser, i open https://[fqdn of exchange server]/owa. output of /usr/sbin/squid -v and the beginning of the squid.conf are included below. any hint and help is deeply appreciated :) marcel mueller some detailed info: Squid Cache: Version 3.1.6 configure options: '--build=i486-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-ssl' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm,' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-arp-acl' '--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=i486-linux-gnu' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -Wall -O2' --with-squid=/root/squid3-3.1.6 squid.conf excerpt: # which certificate do i have to put in the https_port line? https_port [private ip of squid]:443 cert=[certificate1].pem defaultsite=[fqdn of exchange server] #which certificate do i have to put in the cache_peer line? cache_peer [fqdn of exchange server] parent 443 0 no-query originserver login=PASS ssl sslcert=/[certificate2].pem name=[fqdn of exchange server] front-end-https acl EXCH dstdomain [fqdn of exchange server] cache_peer_access [fqdn of exchange server] allow EXCH cache_peer_access [fqdn of exchange server] deny all never_direct allow EXCH http_access allow EXCH http_access deny all miss_access allow EXCH miss_access deny all
