Hi, Hi, Thanks for that. I tried your recommendations and now I get this. 2012/03/13 12:11:25| clientNegotiateSSL: Error negotiating SSL connection on FD 18: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) 2012/03/13 12:11:25| clientNegotiateSSL: Error negotiating SSL connection on FD 20: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) 2012/03/13 12:11:27| clientNegotiateSSL: Error negotiating SSL connection on FD 18: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) Adding ssl sslflags=NO_VERIFY_PEER to the cache_peer line gives: 2012/03/13 12:35:23| TCP connection to 192.168.124.169/443 failed 2012/03/13 12:35:23| SSL unknown certificate error 20 in /CN=savitr69 2012/03/13 12:35:23| SSL unknown certificate error 20 in /CN=savitr69 2012/03/13 12:35:23| fwdNegotiateSSL: Error negotiating SSL connection on FD 20: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0) I'm a bit confused about the actual interaction between squid and the backend IIS server. The programmer has generated an ssl cert on the iis server, I have generated an ssl cert on squid. When I type https://www.example.com/Login.aspx, it asks me to add an exception for the squid box but the request now hangs at the iis server. As per my understanding according to the current setup, when a user visits www.example.com/Login.aspx he is presented with a "Add exception" window for the squid box, after accepting he should again be presented with an "add exception" window from the iis server, this never happens. Is there a better way to do this? Thanks, Adi -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-3-1-endless-loop-IIS-webserver-tp4465329p4468478.html Sent from the Squid - Users mailing list archive at Nabble.com.
