Let me re-ask, as I have misunderstood what sslcert is used for.

If cache_peer points to 127.0.0.1 433 and the cert coming back says office.abc.com with no subj alt for 127.0.0.1, will squid complain? If so, how can I get around it without using the DONT_VERIFY option?

On 24 October 2015 at 11:51, Alex Samad <alex@xxxxxxxxxxxx> wrote:
> Hi
>
> I have squid on CentOS 6, the version that comes with it, unfortunately.
>
> I have configured it to be a reverse proxy to our Exchange box.
>
> So it answers on office.abc.com.
> Now I have 2 cache peers set up:
>
> 10.1.1.1. the exchange box << all the predefined URIs go here
> 127.0.0.1 443 the rest go here.
>
> It's https to 127.0.0.1.
>
> I have sslflags=DONT_VERIFY_PEER in the cache_peer command. It was
> suggested to remove this.
>
> But the cert on the end of 127.0.0.1 is office.abc.com. I can't use
> cache_peer office.abc.com because it will just hit the squid box.
>
> I also have the cert defined: sslcert=/etc/httpd/conf.d/office.abc.com.crt
>
> Is that going to cause an issue? There is no subjAlt for 127 in the cert
> name. Will squid just check the certs?