Search squid archive

Re: https quick question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



clientNegotiateSSL: Error negotiating SSL connection on FD 36: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 45: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 36: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 36: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 36: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 45: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 54: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 29: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)




Amos can you assit with that ???

-----Original Message-----
From: snakeeyes [mailto:ahmed.zaeem@xxxxxxxxxxxx] 
Sent: Thursday, May 21, 2015 7:36 PM
To: 'Amos Jeffries'
Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE:  https quick question

Thank you amos so much

So far I didn’t add CA to my browser
And I followed many docs about how to create the .key file and .crt file but always I get( ssl negotiation error)

What could be the problem

Where should I check and troubleshoot ?

BTW I have the directive
https_port 443 accel key=/root/CA/myCA/private/squid.local.key cert=/root/CA/myCA/certs/squid.local.crt

where shoud I troubleshoot ?

appreciate  your help a lot

for start I want to start with self signed certificate but later I will buy a valid certificate

hope to help me

cheers



-----Original Message-----
From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Amos Jeffries
Sent: Thursday, May 21, 2015 6:01 AM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  https quick question

On 22/05/2015 9:09 a.m., snakeeyes wrote:
> Hi ,
> 
> I WANT TO ESTABLISH squid https reverse proxy on squid
> 
>  
> 
> Assume I configured and the keys  xxxxx.crt & xxxxx.key needed for the 
> directive
> 
> https_port 443  accl cert=/etc/squid/ssl/xxxx.crt 
> key=/etc/squid/ssl/xxxx.key vhost
> 
>  
> 
> the question is being asked now
> 
>  
> 
> do I need to add a certificate in my browser to get it work ?

No.

> 
> if so , what key shoud I add ? the .cert file or the .key file ?


If it was signed by a global truted CA then you dont have to do anything more. Making it work for clients is what you are paying the CA for.

If those keys were signed by a custom CA you can optionally add *that
CA* to the browser trusted set. Or the user could click to add exception when they get their popup. Some of the browsers now are ignoring self-signed certs (provided they are valid to the server being contacted). Or you could add TLSA records to your DNS for the domain.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux