Hi all , I need a help in setting up squid for https reverse proxy I mean I want to authorize the certificate on my pc so that be able to acces https using http not tunnel method I have searched a lot and most of docs mention ssl pump , but again im here don’t want ssl pump feature and all I need is just reverse proxy. Here is steps that I did : cd /etc/squid openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -subj '/C=dsa/ST=asd/L=aaa/O=abcv/CN=abc' -keyout /etc/squid/abc.pem -out /etc/squid/abc.pem openssl x509 -in /etc/squid/abc.pem -outform DER -out /etc/squid/abc.der whereis ssl_crtd chown squid:squid /var/lib/ssl_db after that edited squid.conf with : https_port 443 cert=/etc/squid/abc.pem key=/etc/squid/abc.pem then went to my browser and added abc.der as authorized certificates when I connect to proxy I have erros logs : 2015/04/20 15:44:18 kid1| Error negotiating SSL connection on FD 11: Success (0) 2015/04/20 15:44:19 kid1| Error negotiating SSL connection on FD 11: Success (0) 2015/04/20 15:44:21 kid1| Error negotiating SSL connection on FD 11: Success (0) 2015/04/20 15:44:23 kid1| Error negotiating SSL connection on FD 11: Success (0) 2015/04/20 15:45:33 kid1| Error negotiating SSL connection on FD 11: Success (0) 2015/04/20 15:45:33 kid1| Error negotiating SSL connection on FD 11: Success (0) 2015/04/20 15:47:01 kid1| Error negotiating SSL connection on FD 11: Success (0) 2015/04/20 15:53:44 kid1| Error negotiating SSL connection on FD 11: Success (0) 2015/04/20 15:53:46 kid1| Error negotiating SSL connection on FD 11: Success (0) 2015/04/20 15:53:47 kid1| Error negotiating SSL connection on FD 11: Success (0) Where could be the problem ? Here is my squid config : squid -v Squid Cache: Version 3.5.1 Service Name: squid configure options: '--prefix=/usr' '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc' '--enable-cachemgr-hostname=drx' '--localstatedir=/var' '--libexecdir=/lib/squid' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=131072' '--with-large-files' '--with-default-user=squid' '--enable-linux-netfilter' '--enable-ltdl-convenience' '--enable-ssl' '--enable-ssl-crtd' '--enable-arp-acl' 'CXXFLAGS=-DMAXTCPLISTENPORTS=20000' '--with-openssl' '--enable-snmp' cheers |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
