Hi, Bill,

Thanks a lot for helping. If what you mean is here:

    http_port 443 transparent cert=/home/larry/ssl/server.csr key=/home/larry/ssl/server.key

Yes, I am sure that's a csr file at that location.

--
Cheers ~
Larry

On Fri, Oct 18, 2013 at 12:00 AM, Bill Houle <bill.houle@xxxxxxxxx> wrote:
> Did you really point the Cert to the CSR (CertReq file), or is that a typo?
>
> --bill
>
>> On Oct 17, 2013, at 8:45 AM, Larry Zhao <thehiddendepth@xxxxxxxxx> wrote:
>>
>> Hi, Guys,
>>
>> I am trying to set up an SSL proxy for one of my internal servers to
>> visit `https://www.googleapis.com` using Squid, to make my Rails
>> application on that server reach `googleapis.com` via the proxy.
>>
>> I am new to this, so my approach is to set up an SSL transparent proxy
>> with Squid. I built `Squid 3.3` on Ubuntu 12.04, generated a pair of
>> ssl key and crt, and configured squid like this:
>>
>>     http_port 443 transparent cert=/home/larry/ssl/server.csr
>>     key=/home/larry/ssl/server.key
>>
>> And left almost all other configurations default. The authorization
>> of the dir that holds key/crt is `drwxrwxr-x 2 proxy proxy 4096
>> Oct 17 15:45 ssl`
>>
>> Back on my dev laptop, I put `<proxy-server-ip> www.googleapis.com` in
>> my `/etc/hosts` to make the call go to my proxy server.
>>
>> But when I try it in my rails application, I got:
>>
>>     SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A:
>>     unknown protocol
>>
>> And I also tried with openssl in cli:
>>
>>     openssl s_client -state -nbio -connect www.googleapis.com:443 2>&1 | grep "^SSL"
>>     SSL_connect:before/connect initialization
>>     SSL_connect:SSLv2/v3 write client hello A
>>     SSL_connect:error in SSLv2/v3 read server hello A
>>     SSL_connect:error in SSLv2/v3 read server hello A
>>
>> Where did I go wrong?
>>
>> --
>> Cheers ~
>> Larry
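
Added example, not part of the original thread and not Squid's own code: a small check for the question Bill raises, reading the `cert=` and `key=` options from a port line and reporting what kind of PEM object each file holds. The function names and the sample file contents are constructed for illustration; only the paths and the `http_port` line come from the messages above.

```python
import re
import shlex

# PEM encapsulation boundary (RFC 7468): -----BEGIN <label>-----
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

CERT_LABELS = {"CERTIFICATE", "X509 CERTIFICATE", "TRUSTED CERTIFICATE"}
CSR_LABELS = {"CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"}


def port_options(line):
    """Return the name=value options of one http_port/https_port line."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] not in ("http_port", "https_port"):
        return {}
    return dict(t.split("=", 1) for t in tokens[2:] if "=" in t)


def pem_labels(text):
    """List the labels of every PEM object in the text, in file order."""
    return PEM_BEGIN.findall(text)


def audit_port_line(line, read_text):
    """Check that cert= holds a certificate and key= holds a private key."""
    opts, findings = port_options(line), []
    for opt, is_ok, want in (
        ("cert", lambda lab: lab in CERT_LABELS, "certificate"),
        ("key", lambda lab: lab.endswith("PRIVATE KEY"), "private key"),
    ):
        if opt not in opts:
            continue
        labels = pem_labels(read_text(opts[opt]))
        if any(lab in CSR_LABELS for lab in labels):
            findings.append(f"{opt}={opts[opt]}: certificate signing request, not a {want}")
        elif not any(is_ok(lab) for lab in labels):
            findings.append(f"{opt}={opts[opt]}: no PEM {want} found")
    return findings


# Constructed sample files: only the PEM labels matter, bodies are placeholders.
SAMPLE_FILES = {
    "/home/larry/ssl/server.csr": "-----BEGIN CERTIFICATE REQUEST-----\nAAAA\n-----END CERTIFICATE REQUEST-----\n",
    "/home/larry/ssl/server.key": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
}
LINE = "http_port 443 transparent cert=/home/larry/ssl/server.csr key=/home/larry/ssl/server.key"

if __name__ == "__main__":
    for finding in audit_port_line(LINE, SAMPLE_FILES.__getitem__):
        print(finding)
```

To run it against real files, pass a reader such as `lambda p: open(p).read()` in place of the constructed dictionary lookup.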