Re: problem in squid certificate installtion

"snakeeyes" <ahmed.zaeem@xxxxxxxxxxxx> · Wed, 22 Apr 2015 00:30:17 -0700

Hmmm ,  cant u  provide more info??
I followed wiki 
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate

but im still confused with certificates , if possible and don’t mind , could u tell me brief steps ?

thanks a lot for ur kind help

regards

From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Yuri Voinov
Sent: Tuesday, April 21, 2015 11:19 AM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  problem in squid certificate installtion

-----BEGIN PGP SIGNED MESSAGE----- 
Hash: SHA256 

Self-signed certificate is not suitable for use in a reverse proxy.

22.04.15 9:17, snakeeyes пишет:
> Hi 

      >

      > I need to setup squid proxy as reverse proxy with https
      enabled

      >

      > I tried  the bash script below and it run ok :

      >

      > ###########################

      >

      > OPENSSL=/usr/bin/openssl

      >

      >  

      >

      > SSLDIR=/etc/mydlp/ssl

      >

      >  

      >

      > mkdir -p $SSLDIR || exit 1

      >

      >  

      >

      > rm -rf $SSLDIR/*

      >

      >  

      >

      > [ -e $SSLDIR/private.pem ] || $OPENSSL genrsa 4096 >
      $SSLDIR/private.pem

      >

      >  

      >

      > [ -e $SSLDIR/public.pem ] || (echo -e

      >
      "TR\nAnkara\nTechnopolis\nMyDLP\nMyDLP\n*\nsupport@xxxxxxxxx\n"|
      $OPENSSL

      > req -new -x509 -days 3650 -key $SSLDIR/private.pem -out
      $SSLDIR/public.pem)

      >

      >  

      >

      > [ -e $SSLDIR/user.der ] || $OPENSSL x509 -in
      $SSLDIR/public.pem -outform DER

      > -out $SSLDIR/user.der

      >

      > ######################################

      >

      >  

      >

      >  

      >

      > ls -l /etc/mydlp/ssl

      >

      > total 12

      >

      > -rw-r--r-- 1 root root 3243 Apr 21 08:26 private.pem

      >

      > -rw-r--r-- 1 root root 2090 Apr 21 08:26 public.pem

      >

      > -rw-r--r-- 1 root root 1501 Apr 21 08:27 user.der

      >

      >  

      >

      > ######################################

      >

      >  

      >

      > Added to squid.conf :

      >

      >  

      >

      > https_port 443 key=/etc/mydlp/ssl/private.pem
      cert=/etc/mydlp/ssl/public.pem

      >

      >  

      >

      >  

      >

      >  

      >

      > And when I start squid , 

      >

      >  

      >

      > FATAL: No valid signing SSL certificate configured for
      HTTPS_port [::]:443

      >

      > Squid Cache (Version 3.5.1): Terminated abnormally.

      >

      > CPU Usage: 10.189 seconds = 10.133 user + 0.056 sys

      >

      > Maximum Resident Size: 271264 KB

      >

      > Page faults with physical i/o: 44

      >

      >  

      >

      >  

      >

      >  

      >

      >  

      >

      > Hope to help

      >

      >  

      >

      > regards

      >

      >

      >

      >

      > _______________________________________________

      > squid-users mailing list

      > squid-users@xxxxxxxxxxxxxxxxxxxxx

      > http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE----- 
Version: GnuPG v2 

iQEcBAEBCAAGBQJVNpSSAAoJENNXIZxhPexGq+4H/3KGzflx2iP+/nYH9SITqmun 
okbIgNUX31WbNYWy8Na+7fnEqE/e/Sfc5qGP2LhbL3iPz72pspBE0vpvLPvAa8iL 
kak/CLDEaFXizPVhfPIi7FI9Vdpvl4D2Pfm3aHHXxoTFjmLvM6htTlNntNCYuG1P 
iLm7gFUNC9pltRrEbnKmhxh3CKsc6iUC3L3muLLaH3WX7WJNtCzTxh+8OQKeDIh1 
ZWAbvpXnPT6PdXI4rDF6+J16eC6TUo0stiWds2XsYH958AWJRwcHi5UL+Vgq1X6Z 
9GWYZVKlXNxBfGR5Zv1anmmaDP2ouJG3DwI5U8Dqe6B6dcGYQWtU+m1Hieuy5Ko= 
=BiO/ 
-----END PGP SIGNATURE----- 
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users