[squid-users] config Q

Alex Samad alex at samad.com.au
Sat Oct 24 01:22:35 UTC 2015

Let me re ask, as I have miss understood what sslcert is used for.

if cache_peer points to 433 and the cert coming back says
office.abc.com with no subj alt for will squid complain ? if
so how can I get around without using the DONT_VERIFY option

On 24 October 2015 at 11:51, Alex Samad <alex at samad.com.au> wrote:
> Hi
> I have squid on centos 6. the version that comes with it unfortunately.
> I have configured it to be a reverse proxy to our exchange box.
> so it answers on office.abc.com
> now I have 2 cache peers setup
> the exchange box << all the predefined URIs go here
> 443 the rest go here.
> Its https to
> I have sslflags=DONT_VERIFY_PEER in the cache_peer command. It was
> suggest to remove this.
> But the cert on the end of is office.abc.com. I can't use
> cache_peer office.abc.com because it will just hit the squid box.
> I also have the cert define sslcert=/etc/httpd/conf.d/office.abc.com.crt
> Is that going to cause an issue, the is no subjAlt for 127 in the cert
> name. will squid just check the certs.

More information about the squid-users mailing list