Hi Amos, thanks for your response.

I'll try to clarify. I want my browser (a client's browser) to always go through a Squid proxy for accessing any website (target application). This is because I have an ICAP service working on the data. Thus, to my understanding, this is a forward proxy. Since I want it to work for both HTTP and HTTPS sites, I configured Squid to work with ssl-bump as shown above. I have tested this configuration by setting the Firefox proxy settings to go to Squid on port 3128, and it seems to work fine :)

Now I have an additional target application. This application happens to be a portal that is run on Tomcat. Furthermore, it is a Tomcat that I configured the security settings for. Thus I have browser -> squid -> portal (run on tomcat). To my understanding this is still part of the same forward proxy? Am I wrong here?

Unfortunately, in this particular setting I get the failure I showed above.

> From cache.log:
> -----BEGIN SSL SESSION PARAMETERS-----
> MHECAQECAgMBBAIANQQg0b4mR/aJ5Vez5HNh6dSwUL4vs/d+v+ceEwKpWxHdFoME
> MI3ZqOI/+MjpLLsjIoFchf9dxA/wD9aoZZgrbiq6GRtvOTWRRFeaQA1KFfVgmFo7
> FaEGAgRNgfR5ogQCAgEspAIEAA==
> -----END SSL SESSION PARAMETERS-----
> 2011/03/17 07:46:01| SSL unknown certificate error 18 in /C=IL/ST=NA/L=NA/O=IBM/OU=HRL/CN=Magen
> 2011/03/17 07:46:01| fwdNegotiateSSL: Error negotiating SSL connection on FD 13: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)

I guess I am still misunderstanding something; please point me to it.

Thanks,
Ariel.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-as-forward-proxy-for-portal-run-on-tomcat-tp3383986p3388175.html
Sent from the Squid - Users mailing list archive at Nabble.com.