Hi Amos Thanks for your reply I have made reverse proxy setup as follows, Client(https)-------(https)squid1(https))----(https)Originserver(8443) I have made squid conf as follows and setup works fine https_port 443 accel cert=/usr/local/myCA/certs/server.crt key=/usr/local/myCA/private/server.key cache_peer originserver parent 8443 0 originserver ssl no-digest sslcafile=/usr/local/myCA/certs/myca.crt no-digest Whether i need to specify ssl certificates/key in the cache_peer using sslcert and sslkey for the connections between squid and origin server to be in https? or just the CA certificate of the apache is enough.? Thanks, Anandha V On Fri, Nov 11, 2011 at 5:59 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 10/11/2011 6:00 p.m., Anandha V wrote: >> >> Hello all, >> >> In the squid i can find the following tags under SSL, >> sslproxy_client_certificate, sslproxy_client_key, sslproxy_cafile >> >> In the reverse proxy configuration can we assign certificates using >> above tags instead of using the following in sslcert, sslkey, >> sslcafile, in cache_peer configuration. > > The global sslproxy_* directives control what Squid uses on DIRECT traffic > when it needs to handle all the SSL/TLS details of a https:// URL. > > cache_peer contains settings for a specific hard-coded link between this > Squid and another software which can handle HTTP (proxy or origin server). > SSL/TLS are some which can be set when that link needs to be encrypted. > > There is also a third location where SSL certs etc are setup. On http_port > when Squid is the receiving end of SSL/TLS connections. > > Amos > >
