
Re: config Q

On 24/10/2015 2:22 p.m., Alex Samad wrote:
> Let me re-ask, as I have misunderstood what sslcert is used for.
> 
> 
> If cache_peer points to 127.0.0.1 433 and the cert coming back says
> office.abc.com with no subj alt for 127.0.0.1, will squid complain? If
> so, how can I get around it without using the DONT_VERIFY option?
> 

Set the cache_peer sslcafile= option with the PEM file containing the CA
that was used to sign the office.abc.com server certificate.

Since your peer has raw-IP you may also need to set
ssldomain=office.abc.com to inform verification that is the domain the
server cert is for.


You may also want to use sslflags=NO_DEFAULT_CA to prevent hijacking by
agents with rogue global CA certs on the peer connection.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
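
The cache_peer options from the reply above, combined into one squid.conf line next to the unverified variant the question wants to avoid. This is an added example, not part of the original message; the peer type, the `no-query` and `originserver` options and the CA file path are assumptions, while the address, port and domain are as written in the thread.

```conf
# Added example. Assumed: peer type "parent", no-query, originserver, CA file path.
# Address, port and domain are taken as written in the thread.

# Weak: verification switched off, so any certificate presented on the
# peer connection is accepted.
# cache_peer 127.0.0.1 parent 433 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER

# Verified:
#   sslcafile=              PEM file with the CA that signed the office.abc.com server certificate
#   ssldomain=              name the server certificate is checked against (the peer is a raw IP)
#   sslflags=NO_DEFAULT_CA  trust only the CA in sslcafile, not the global CA bundle
cache_peer 127.0.0.1 parent 433 0 no-query originserver ssl sslcafile=/etc/squid/office-abc-ca.pem ssldomain=office.abc.com sslflags=NO_DEFAULT_CA
```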



