On 17/08/18 20:39, pius wrote: > Hi Amos, > > > Thanks for the reply. It makes more things clear. > > I do apologize for a Friday message in advance. > > I will explain a bit more about my situation. We are using Jfrog artifactory > in our private network. Artifactory host lots of remote repos. We are > planning lock down the artifactory using squid. So in my case artifactory is > the client. > > artifactory ------> Squid(whitelist) -----> Internet > http (3129) / https (3130) > > I followed the steps from your message. I trust the self-signed squid > certificate in artifactory. Now I error I am getting is in artifactory is > > "Connection to remote repository failed: Host name 'repo.jenkins-ci.org' > does not match the certificate subject provided by the peer > (CN=130.211.20.35)" > > Looks like artifactory is requesting repo.jenkins-ci.org to squid without > enough information about domain name. May be that why squid created a ssl > certificate in behalf of artifactory with a IP address and instead of domain > name. So how can map the ip to a domain name ? DNS server ? > With the config I provided Squid should only send the custom cert to the client if there is a problem connecting to the upstream server of your http_access rules perform a "deny" action. Are you able to identify which of those is going on? your Squid access.log and/or cache.log should have some hints. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
