On 22/05/2015 9:09 a.m., snakeeyes wrote: > Hi , > > I WANT TO ESTABLISH squid https reverse proxy on squid > > > > Assume I configured and the keys xxxxx.crt & xxxxx.key needed for the > directive > > https_port 443 accl cert=/etc/squid/ssl/xxxx.crt > key=/etc/squid/ssl/xxxx.key vhost > > > > the question is being asked now > > > > do I need to add a certificate in my browser to get it work ? No. > > if so , what key shoud I add ? the .cert file or the .key file ? If it was signed by a global truted CA then you dont have to do anything more. Making it work for clients is what you are paying the CA for. If those keys were signed by a custom CA you can optionally add *that CA* to the browser trusted set. Or the user could click to add exception when they get their popup. Some of the browsers now are ignoring self-signed certs (provided they are valid to the server being contacted). Or you could add TLSA records to your DNS for the domain. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
