Hi, Is it possible to send a certificate chain from squid when it's used in reverse proxy (accel) mode and compiled with gnutls ? I am running Debian Buster, and the packaged squid https://packages.debian.org/buster/squid is 4.6-1 squid -v reports that it is compiled --with-gnutls I have the following line (for squid proxy in front of Microsoft Exchange 2016). https_port 443 accel tls-cert=fullchain.crt tls-key=privkey.pem defaultsite=webmail.example.com vhost connection-auth=off tls-dh=dh2048.pem Where fullchain.crt is a concatenation of the public certificate and an intermediate CA. From the http://www.squid-cache.org/Versions/v4/cfgman/http_port.html page it says regarding the tls-cert option tls-cert= Path to file containing an X.509 certificate (PEM format) to be used in the TLS handshake ServerHello. ... When OpenSSL is used this file may also contain a chain of intermediate CA certificates to send in the TLS handshake. When GnuTLS is used this option (and any paired tls-key= option) may be repeated to load multiple certificates for different domains. is it possible to send an intermediate certificate when build with GnuTLS, and if so, what is the options ? Thanks in advance, Kate Dawson -- "The introduction of a coordinate system to geometry is an act of violence"
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
