On 04/03/11 23:51, info@xxxxxxxxxxxx wrote:
hi there. i have to set up a squid3 (built with enable-ssl) to accept requests from outlook for an exchange server and redirect them there. but i have a little trouble knowing which certificates i need all in all and which one of them to put where. when directly accessing the exchange server owa ith a web browser, i open https://[fqdn of exchange server]/owa. output of /usr/sbin/squid -v and the beginning of the squid.conf are included below. any hint and help is deeply appreciated :)
http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess covers what you need. <snip>
squid.conf excerpt: # which certificate do i have to put in the https_port line? https_port [private ip of squid]:443 cert=[certificate1].pem defaultsite=[fqdn of exchange server]
This is the public facing port for the whole system. Whichever certificate you have for you OWA domain to connect visitors with goes there.
#which certificate do i have to put in the cache_peer line? cache_peer [fqdn of exchange server] parent 443 0 no-query originserver login=PASS ssl sslcert=/[certificate2].pem name=[fqdn of exchange server] front-end-https
Completely optional. Could be self-signed or none at all. It is only used between Squid and the OWA so as long as OWA accept it things are fine. The default with just "ssl" and no cert information is for Squid to generate a random client certificate and connect using that.
Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.11 Beta testers wanted for 3.2.0.5
