Did you really point the Cert to the CSR (CertReq file), or is that a typo?

--bill

> On Oct 17, 2013, at 8:45 AM, Larry Zhao <thehiddendepth@xxxxxxxxx> wrote:
>
> Hi, Guys,
>
> I am trying to set up an SSL proxy for one of my internal servers to
> visit `https://www.googleapis.com` using Squid, to make my Rails
> application on that server reach `googleapis.com` via the proxy.
>
> I am new to this, so my approach is to set up an SSL transparent proxy
> with Squid. I built `Squid 3.3` on Ubuntu 12.04, generated a pair of
> ssl key and crt, and configured squid like this:
>
>     http_port 443 transparent cert=/home/larry/ssl/server.csr key=/home/larry/ssl/server.key
>
> And left almost all other configurations default. The authorization
> of the dir that holds key/crt is `drwxrwxr-x 2 proxy proxy 4096 Oct 17 15:45 ssl`
>
> Back on my dev laptop, I put `<proxy-server-ip> www.googleapis.com` in
> my `/etc/hosts` to make the call go to my proxy server.
>
> But when I try it in my rails application, I got:
>
>     SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol
>
> And I also tried with openssl in cli:
>
>     openssl s_client -state -nbio -connect www.googleapis.com:443 2>&1 | grep "^SSL"
>
>     SSL_connect:before/connect initialization
>     SSL_connect:SSLv2/v3 write client hello A
>     SSL_connect:error in SSLv2/v3 read server hello A
>     SSL_connect:error in SSLv2/v3 read server hello A
>
> Where did I go wrong?
>
> --
> Cheers ~
> Larry