[squid-users] problem in squid certificate installtion
Yuri Voinov
yvoinov at gmail.com
Tue Apr 21 21:34:49 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Said it was enough to understand. :)
I strictly recommend to start from here:
http://en.wikipedia.org/wiki/Public_key_infrastructure
22.04.15 13:30, snakeeyes пишет:
> Hmmm , cant u provide more info??
>
> I followed wiki
>
>
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
>
>
>
> but im still confused with certificates , if possible and don’t mind ,
could u tell me brief steps ?
>
>
>
> thanks a lot for ur kind help
>
>
>
> regards
>
>
>
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org]
On Behalf Of Yuri Voinov
> Sent: Tuesday, April 21, 2015 11:19 AM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] problem in squid certificate installtion
>
>
>
>
> Self-signed certificate is not suitable for use in a reverse proxy.
>
> 22.04.15 9:17, snakeeyes пишет:
> > Hi
>
>
>
>
>
>
>
> > I need to setup squid proxy as reverse proxy with https
>
> enabled
>
>
>
>
>
>
>
> > I tried the bash script below and it run ok :
>
>
>
>
>
>
>
> > ###########################
>
>
>
>
>
>
>
> > OPENSSL=/usr/bin/openssl
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > SSLDIR=/etc/mydlp/ssl
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > mkdir -p $SSLDIR || exit 1
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > rm -rf $SSLDIR/*
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > [ -e $SSLDIR/private.pem ] || $OPENSSL genrsa 4096 >
>
> $SSLDIR/private.pem
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > [ -e $SSLDIR/public.pem ] || (echo -e
>
>
>
>
>
>
<mailto:TR\nAnkara\nTechnopolis\nMyDLP\nMyDLP\n*\nsupport at mydlp.com\n>
"TR\nAnkara\nTechnopolis\nMyDLP\nMyDLP\n*\nsupport at mydlp.com\n"|
>
> $OPENSSL
>
>
>
> > req -new -x509 -days 3650 -key $SSLDIR/private.pem -out
>
> $SSLDIR/public.pem)
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > [ -e $SSLDIR/user.der ] || $OPENSSL x509 -in
>
> $SSLDIR/public.pem -outform DER
>
>
>
> > -out $SSLDIR/user.der
>
>
>
>
>
>
>
> > ######################################
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > ls -l /etc/mydlp/ssl
>
>
>
>
>
>
>
> > total 12
>
>
>
>
>
>
>
> > -rw-r--r-- 1 root root 3243 Apr 21 08:26 private.pem
>
>
>
>
>
>
>
> > -rw-r--r-- 1 root root 2090 Apr 21 08:26 public.pem
>
>
>
>
>
>
>
> > -rw-r--r-- 1 root root 1501 Apr 21 08:27 user.der
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > ######################################
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > Added to squid.conf :
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > https_port 443 key=/etc/mydlp/ssl/private.pem
>
> cert=/etc/mydlp/ssl/public.pem
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > And when I start squid ,
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > FATAL: No valid signing SSL certificate configured for
>
> HTTPS_port [::]:443
>
>
>
>
>
>
>
> > Squid Cache (Version 3.5.1): Terminated abnormally.
>
>
>
>
>
>
>
> > CPU Usage: 10.189 seconds = 10.133 user + 0.056 sys
>
>
>
>
>
>
>
> > Maximum Resident Size: 271264 KB
>
>
>
>
>
>
>
> > Page faults with physical i/o: 44
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > Hope to help
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > regards
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > _______________________________________________
>
>
>
> > squid-users mailing list
>
>
>
> > squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
>
>
>
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVNsJ5AAoJENNXIZxhPexGE7IH/3JpGhiwEg2puuCiCxOu81re
GcldpwyP3rdJ5TRF/IxFV1K++a+lNDvppVORQwLCpFX6uY3XeBh2Lsn4lsenpV7n
dGBIcKm4eP34ko8EAyjFjKcpoyF9ocl6ygX7XlVgqEE6PYZZG+GJOz2DOPe2u3kg
RWPQjFLHY0DLKgFTj9h3/uLb+6D+opTYH+5dN3vkuf0jAAuQuGaCz9F5wbnxu8Q9
G2zvWqmRbye2hd3ukHbPY0wRyjHZCiFMBF5Q69ciJJzOqDjPd5+0tkg+o+9AcznL
1Q4gZQADMdf3RcDZ42HhINxoqSeiBiRw8SP67/XATb38giwc1/pppVbgMHGBPOc=
=tltw
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150422/4cfd54a8/attachment-0001.html>
More information about the squid-users
mailing list