On 11/28/18 4:59 AM, jmperrote wrote: > This is the new error that I have when I tried to squidclint via https + > certicicate. You have many different problems. Problem 0: You are not responding on the mailing list. Please keep this thread on the mailing list so that others can benefit from this triage and so that others can help you. Problem 1: You seem to ignore errors and warnings that you can fix on your own. Please fix the ones you can fix before asking for help with the remaining problems. When asking for help, explain what you think each remaining warning/error means, and why you cannot fix that problem. This approach shows that you invest serious effort into making this work rather than simply abusing the mailing list as a free replacement for a system administrator. Problem 2: > squidclient -vvv --https --cert /soporte/ssl/educacion.crt -h 10.0.0.4 -p 1084 mgr:info The --cert option specifies a TLS client certificate. Your reverse proxy, AFAICT, does not use client certificates. Remove that option. See "man squidclient" for details about each option you use. Problem 3: > WARNING: Failed to load Certificate from /soporte/ssl/educacion.crt I do not know what went wrong here because you have not provided any relevant information like whether the file is actually there and can be read by the user squidclient runs as. Problem 4: > X.509 TLS handshake ... > VERIFY DATUM: The certificate is NOT trusted. The certificate issuer is > unknown. The name in the certificate does not match the expected. > WARNING: Insecure Connection Looks self-explanatory to me: Your squidclient does not trust the server certificate used by your reverse proxy. You may need to either * use a --trusted-ca option or * configure your TLS library environment to always trust the CA that signed the https_port certificate of your reverse proxy. Problem 5: > HTTP/1.1 401 Unauthorized > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 > WWW-Authenticate: Basic realm=... Your reverse proxy requires HTTP client authentication. Depending on your needs, you should either * adjust your Squid http_access rules to disable authentication for cache manager requests or * give a valid username and password to squidclient (search "man squidclient" manual page for "authentication" and "WWW" to discover the right options). Potential problem 6: This may not be relevant to you, but please note that Squid Cache Manager does not yet support secure queries when Squid is running in SMP mode. For details, please see https://wiki.squid-cache.org/Features/CacheManager#Secure_SMP_reports HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
