[squid-users] (no subject)
Alex Rousskov
rousskov at measurement-factory.com
Thu Apr 21 01:34:56 UTC 2022
On 4/20/22 16:05, Zaheer Shaikh wrote:
> let me try setting up https.
> Is a private key needed for tls-cert bundle?
Yes, it is needed, either in the tls-cert bundle or in the tls-key=file.
See https_port documentation for details.
You are setting up an HTTPS forward proxy (as far as this https_port is
concerned). For a TLS client to trust such a proxy, the proxy must
identify itself (and sign traffic) with a trusted (by the client)
certificate. Doing so naturally requires the proxy to possess the
matching private certificate key. This aspect is similar to how an HTTPS
server identifies itself to TLS clients.
HTH,
Alex.
More information about the squid-users
mailing list