
Re: how to use sslproxy options


On 11/11/2011 2:54 p.m., Anandha V wrote:
Hi Amos

Thanks for your reply

I have made reverse proxy setup as follows,

Client(https)-------(https)squid1(https)----(https)Originserver(8443)

I have made squid conf as follows and setup works fine

https_port 443 accel cert=/usr/local/myCA/certs/server.crt key=/usr/local/myCA/private/server.key
cache_peer originserver parent 8443 0 originserver ssl no-digest sslcafile=/usr/local/myCA/certs/myca.crt no-digest


Do I need to specify the SSL certificate/key in the cache_peer using
sslcert and sslkey for the connections between Squid and the origin server
to be in HTTPS?

Or is just the CA certificate of the Apache enough?

The minimum config is just the "ssl" option on the cache_peer, which will verify the Apache certificate is valid and send a generic client certificate. The rest is just about how much you want to lock down the security.

* If Apache is validating a specific client certificate you need to configure that cert to be sent by Squid.
* If Apache is using a self-signed certificate you need to configure either sslflags=DONT_VERIFY_PEER or the CA to validate it with into Squid.

Amos
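
The cases discussed in this thread, laid out side by side as a squid.conf fragment. This is an added example, not configuration posted by either participant; the squid-client.crt and squid-client.key paths are hypothetical, the other paths are the ones from the question. Only one cache_peer line for the peer should be active at a time.

```conf
# Client-facing side, as in the question (directive kept on a single line).
https_port 443 accel cert=/usr/local/myCA/certs/server.crt key=/usr/local/myCA/private/server.key

# Case 1: the minimum described in the reply, "ssl" alone on the peer.
# cache_peer originserver parent 8443 0 originserver no-digest ssl

# Case 2: the origin certificate is self-signed or issued by a private CA.
# Give Squid that CA so the peer certificate is validated against it.
# This is the setup from the question.
cache_peer originserver parent 8443 0 originserver no-digest ssl sslcafile=/usr/local/myCA/certs/myca.crt

# Case 3: Apache additionally validates a specific client certificate.
# Squid must be told which certificate and key to present to the peer.
# (Hypothetical file names for the client certificate and key.)
# cache_peer originserver parent 8443 0 originserver no-digest ssl sslcafile=/usr/local/myCA/certs/myca.crt sslcert=/usr/local/myCA/certs/squid-client.crt sslkey=/usr/local/myCA/private/squid-client.key

# Case 4: the other option named in the reply for a self-signed origin.
# DONT_VERIFY_PEER turns peer certificate validation off, so Squid will
# accept any certificate on the Squid-to-origin hop; case 2 keeps the
# validation and is the stricter of the two.
# cache_peer originserver parent 8443 0 originserver no-digest ssl sslflags=DONT_VERIFY_PEER
```

Running `squid -k parse` after editing checks the file for syntax errors before the change is applied with `squid -k reconfigure`.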

