On 8/02/2015 9:28 a.m., Hector Chan wrote:
> Hi all,
>
> I have a question about the CA file for SSL certificates. If I don't
> specify anything for CA, what are the default CA certs that squid will use for
> the cache_peer?

The ones OpenSSL is configured to use.

>
> Here is a snippet of my config file.
>
> https_port 127.0.0.1:4443 accel \
> cert=/etc/certs/certificate \
> key=/etc/certs/key \
> options=NO_SSLv2,NO_SSLv3
> ...
> cache_peer xyz.example.com parent 443 0 \
> no-query originserver \
> ssl forceddomain= xyz.example.com \

NP: be careful about the whitespace there after forceddomain= . It will
force the domain to be *unset* if the parameter is whitespace.

> login=PASS \
> sslcert=/etc/certs/certificate \
> sslkey=/etc/certs/key \
> ssloptions=NO_SSLv2,NO_SSLv3

In this configuration the peer certificate will be signed by some CA
(maybe you are doing self-signing). You need to add the public key for that CA
to the cache_peer like so:

  cache_peer ... \
    sslcafile=/path/to/xyz.example.com/publicCAkey.pem

Amos
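An added example, not part of the original thread and not Squid's own tooling: a small checker that flags the two points raised in the reply, an option such as forceddomain= left with an empty value because whitespace follows the "=", and an ssl cache_peer with no sslcafile= (so only OpenSSL's default CAs are used). The function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample mirroring the configuration quoted in the message.
SAMPLE_CONF = """\
https_port 127.0.0.1:4443 accel \\
    cert=/etc/certs/certificate \\
    key=/etc/certs/key
cache_peer xyz.example.com parent 443 0 \\
    no-query originserver \\
    ssl forceddomain= xyz.example.com \\
    login=PASS \\
    sslcert=/etc/certs/certificate
"""


def logical_lines(text):
    """Join backslash-continued lines and drop blanks and comments."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    lines = (ln.strip() for ln in joined.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]


def check_cache_peers(text):
    """Return (peer, issue, detail) tuples for each cache_peer directive."""
    findings = []
    for line in logical_lines(text):
        tokens = line.split()
        # cache_peer <host> <type> <http-port> <icp-port> [options...]
        if tokens[0] != "cache_peer" or len(tokens) < 5:
            continue
        peer, opts = tokens[1], tokens[5:]
        for opt in opts:
            # "name= value" tokenises as "name=" plus a stray word,
            # so the option itself ends up with an empty value.
            if opt.endswith("="):
                findings.append((peer, "empty-value", opt))
        if "ssl" in opts and not any(o.startswith("sslcafile=") for o in opts):
            # No explicit CA file: the peer certificate is checked against
            # the CAs OpenSSL is configured to use, which will not include
            # a private or self-signed CA.
            findings.append((peer, "no-sslcafile", "ssl"))
    return findings


if __name__ == "__main__":
    for peer, issue, detail in check_cache_peers(SAMPLE_CONF):
        print(f"{peer}: {issue} ({detail})")
```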