Hello World. Noob Here. I have successfully setup squid as a reverseproxy for port 80, however my attempts to set up the same server to point to a https server on sharepoint have failed. All I get is the authentication box, and the following error message in cache.log: fwdNegotiateSSL: Error negotiating SSL connection on FD 11: error:00000000:lib(0):func(0):reason(0) (5/-1/104) The only caveat I have is that I am using an SSL cert that was assigned to another IP address, do you have to have matching SSL certs for this to work properly? Here is my squid config: visible_hostname squid.localhost always_direct allow all ssl_bump allow all pipeline_prefetch off http_port 80 defaultsite=1.2.3.60 https_port 443 cert=/usr/ssl/lol.cer key=/usr/ssl/llol2.server.pem connection-auth=on defaultsite=1.2.3.11 cache_peer 1.2.3.60 parent 80 0 no-query originserver no-digest login=PASS name=bi_iis cache_peer 1.2.3.11 parent 443 0 connection-auth=on no-query originserver login=PASSTHRU ssl sslflags=DONT_VERIFY_PEER name=sharepoint acl bi_server dst 1.2.3.60 acl sharepoint dst 1.2.3.11 acl lan1 src 1.2.3.0/32 acl lan2 src 1.2.3.0/32 acl vpn src 5.6.7.0/32 acl externalip src 2.3.4.0/32 cache_peer_access bi_iis allow bi_server cache_peer_access bi_iis allow lan1 cache_peer_access bi_iis allow lan2 cache_peer_access bi_iis allow vpn cache_peer_access bi_iis allow externalip cache_peer_access bi_iis deny all cache_peer_access sharepoint allow bi_server cache_peer_access sharepoint allow lan1 cache_peer_access sharepoint allow lan2 cache_peer_access sharepoint allow vpn cache_peer_access sharepoint allow externalip cache_peer_access sharepoint deny all http_access allow lan1 http_access allow lan2 http_access allow vpn http_access allow externalip #negative dns entry acl localhost src 127.0.0.1/32 acl manager proto cache_object acl Safe_ports port 80 # httpacl Safe_ports port 443 #https acl CONNECT method CONNECT acl POST method POST never_direct allow CONNECT never_direct allow POST never_direct allow ALL sslproxy_flags DONT_VERIFY_PEER cache_mgr a@xxxxxxx http_access allow manager localhost http_access allow lan1 http_access allow lan2 http_access allow vpn http_access allow externalip http_access deny manager http_access deny !Safe_ports http_access deny CONNECT #http_access deny all Any help is appreciated thank you. Dale J. Rodriguez
