hi, i have searched the archive for a case like mine and could not find any help, so i would like to post my actual issue. i have an exchange 2010 server, configured to respond with a self-signed certificate to internal computers on our lan. i have a public certificate from a trusted CA, which does not include my internal domain, and for a couple of reasons i can't add this local internal domain to that public certificate. so whenever an internal outlook client tries to connect internally, exchange keeps saying that the certificates are not the same. on the external side, i can't connect to the OWA site without popping up the 'site is not trusted' message on the browser. i read about squid reverse proxy feature, which receive connections from the outside world using a public trusted certif. and pass it on to exchange server. i guess this could solve my problem, as i would not need to add the public certificate to the exchange server, but only to the squid server. from the wiki page i copied the following configuration into my squid.conf file, and adapted it. I am using squid version 3.0.STABLE1 ########################## START OF REVERSE PROXY CONFIG SOURCE: http://wiki.squid-cache.org/ConfigExamples/Reverse/ExchangeRpc ########## extension_methods RPC_IN_DATA RPC_OUT_DATA https_port <my-squid-server-internal-ip>:443 cert=/var/crt/my-public-domain-trusted-certificate.p7s defaultsite=my-public-domain.com cache_peer <my-exchange-server-internal-ip> parent 443 0 no-query originserver login=PASS ssl sslcert=/var/crt/my-self-signed-exchange-certificate.pfx name=exchangeServer acl EXCH dstdomain .rpc_domain_name cache_peer_access exchangeServer allow EXCH cache_peer_access exchangeServer deny all never_direct allow EXCH http_access allow EXCH http_access deny all miss_access allow EXCH miss_access deny all ########################## END OF REVERSE PROXY CONFIG but, i am getting this error when restarting squid: 2011/07/07 08:39:18| parseConfigFile: 'squid.conf' line 90 unrecognized: 'https_port <my-squid-server-internal-ip>:443 cert=/var/crt/my-public-domain-trusted-certificate.p7s defaultsite=my-public-domain.com' 2011/07/07 08:39:18| parse_peer: token='ssl' FATAL: Bungled squid.conf line 91: cache_peer <my-exchange-server-internal-ip> parent 443 0 no-query originserver login=PASS ssl sslcert=/var/crt/my-self-signed-exchange-certificate.pfx name=exchangeServer Squid Cache (Version 3.0.STABLE1): Terminated abnormally. CPU Usage: 0.010 seconds = 0.010 user + 0.000 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 12 Does anyone have a hint where should i correct the config? thanks in advance Sidnei
