Hi all,

I am trying to use squid as a forward proxy for target applications using both http and https sites.

I added the following lines to my squid.conf:

    http_port 3128 ssl-bump key=/path/mykey.pem cert=/path/mycert.pem
    ssl_bump allow all

Now I tested on third party http and https sites, and it works nicely :)

However, when I try to proxy a portal that I configured the security keys for, it does not work.

From cache.log:

    -----BEGIN SSL SESSION PARAMETERS-----
    MHECAQECAgMBBAIANQQg0b4mR/aJ5Vez5HNh6dSwUL4vs/d+v+ceEwKpWxHdFoME
    MI3ZqOI/+MjpLLsjIoFchf9dxA/wD9aoZZgrbiq6GRtvOTWRRFeaQA1KFfVgmFo7
    FaEGAgRNgfR5ogQCAgEspAIEAA==
    -----END SSL SESSION PARAMETERS-----
    2011/03/17 07:46:01| SSL unknown certificate error 18 in /C=IL/ST=NA/L=NA/O=IBM/OU=HRL/CN=Magen
    2011/03/17 07:46:01| fwdNegotiateSSL: Error negotiating SSL connection on FD 13: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)

I actually configured my tomcat and squid with the same security keystore. Of course tomcat uses JKS and squid uses PEM, so I created a self-signed JKS keystore for tomcat and then exported the key and cert in PEM format from it to use for squid.

This is how I did it:

    keytool -genkey -keyalg RSA -alias mykey -keystore keystore.jks -storepass "password" -validity 365
    keytool -export -alias mykey -keystore keystore.jks -file mycert.crt
    keytool -import -trustcacerts -alias mycert -file mycert.crt -keystore keystore.jks
    keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12
    openssl pkcs12 -in keystore.p12 -out keystore.pem
    openssl rsa -in keystore.pem -out mykey.pem
    openssl x509 -in keystore.pem -out mycrt.pem

Then I use keystore.jks for tomcat, and mykey.pem/mycert.pem for squid.

Of course, if any of you have made this type of configuration work, I am willing to create any key/cert/keystore for both squid/tomcat since they are both under my control.

If anyone has an idea how to make this work, I'd be VERY grateful.

Thanks,
Ariel.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-as-forward-proxy-for-portal-run-on-tomcat-tp3383986p3383986.html
Sent from the Squid - Users mailing list archive at Nabble.com.
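
Added example, not part of the original post: "error 18" in the cache.log excerpt above is OpenSSL's verify code X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, raised when the verifying side is shown a self-signed certificate that is not among its trust anchors. The script reproduces that result with a throwaway certificate and then verifies the same certificate with itself supplied as a trusted CA file; the subject name, file names and function names are constructed for this demonstration.

```shell
#!/bin/sh
# Constructed demo: reproduce OpenSSL verify error 18 with a throwaway
# self-signed certificate, then verify again with that cert as trust anchor.

# make_selfsigned DIR: write DIR/key.pem and DIR/cert.pem (constructed subject).
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=portal.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# verify_default CERT: verify against the default trust store only.
# Prints "error 18" when OpenSSL reports a depth-0 self-signed certificate.
verify_default() {
    if openssl verify "$1" 2>&1 | grep -q "error 18"; then
        echo "error 18"
    else
        echo "other"
    fi
}

# verify_trusted CERT ANCHOR: verify with ANCHOR supplied as a trusted CA file.
verify_trusted() {
    if openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ": OK"; then
        echo "OK"
    else
        echo "FAIL"
    fi
}

demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir"
echo "default trust store:  $(verify_default "$demo_dir/cert.pem")"
echo "cert as trust anchor: $(verify_trusted "$demo_dir/cert.pem" "$demo_dir/cert.pem")"
rm -rf "$demo_dir"
```

In squid.conf the trust anchors for Squid's outgoing TLS connections are set with the sslproxy_cafile directive, which plays the role that -CAfile plays here.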