<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
Man,<br>
<br>
a self-signed certificate is required only for SSL Bump (not pump :)).<br>
<br>
For an SSL reverse proxy you need a CA-signed server certificate.<br>
<br>
Feel the difference.<br>
<br>
21.04.15 5:16, snakeeyes wrote:<br>
<span style="white-space: pre;">> Hi all, I need help setting up squid for https reverse proxy <br>
><br>
> I mean I want to authorize the certificate on my pc so that I am able to<br>
> access https using http not tunnel method<br>
><br>
> I have searched a lot and most of docs mention ssl pump, but again I'm here<br>
> don't want ssl pump feature and all I need is just reverse proxy.<br>
><br>
> <br>
><br>
> Here are the steps that I did:<br>
><br>
> cd /etc/squid<br>
><br>
> <br>
><br>
> openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -subj '/C=dsa/ST=asd/L=aaa/O=abcv/CN=abc' -keyout /etc/squid/abc.pem -out /etc/squid/abc.pem<br>
><br>
> <br>
><br>
> openssl x509 -in /etc/squid/abc.pem -outform DER -out /etc/squid/abc.der<br>
><br>
> <br>
><br>
> whereis ssl_crtd<br>
><br>
> <br>
><br>
> chown squid:squid /var/lib/ssl_db<br>
><br>
> <br>
><br>
> after that I edited squid.conf with:<br>
><br>
> <br>
><br>
> https_port 443 cert=/etc/squid/abc.pem key=/etc/squid/abc.pem<br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> then went to my browser and added abc.der as an authorized certificate<br>
><br>
> <br>
><br>
> when I connect to proxy I have error logs:<br>
><br>
> <br>
><br>
> 2015/04/20 15:44:18 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
><br>
> 2015/04/20 15:44:19 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
><br>
> 2015/04/20 15:44:21 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
><br>
> 2015/04/20 15:44:23 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
><br>
> 2015/04/20 15:45:33 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
><br>
> 2015/04/20 15:45:33 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
><br>
> 2015/04/20 15:47:01 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
><br>
> 2015/04/20 15:53:44 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
><br>
> 2015/04/20 15:53:46 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
><br>
> 2015/04/20 15:53:47 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
><br>
> <br>
><br>
> <br>
><br>
> Where could the problem be?<br>
><br>
> <br>
><br>
> <br>
><br>
> Here is my squid config:<br>
><br>
> <br>
><br>
> <br>
><br>
> squid -v<br>
><br>
> Squid Cache: Version 3.5.1<br>
><br>
> Service Name: squid<br>
><br>
> configure options: '--prefix=/usr' '--includedir=/include'<br>
> '--mandir=/share/man' '--infodir=/share/info'
'--sysconfdir=/etc'<br>
> '--enable-cachemgr-hostname=drx' '--localstatedir=/var'<br>
> '--libexecdir=/lib/squid' '--disable-maintainer-mode'<br>
> '--disable-dependency-tracking' '--disable-silent-rules'
'--srcdir=.'<br>
> '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'<br>
> '--mandir=/usr/share/man' '--enable-inline'
'--enable-async-io=8'<br>
> '--enable-storeio=ufs,aufs,diskd,rock'
'--enable-removal-policies=lru,heap'<br>
> '--enable-delay-pools' '--enable-cache-digests'
'--enable-underscores'<br>
> '--enable-icap-client' '--enable-follow-x-forwarded-for'
'--enable-auth'<br>
>
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam<br>
> ,squid_radius_auth,multi-domain-NTLM'
'--enable-ntlm-auth-helpers=smb_lm'<br>
> '--enable-digest-auth-helpers=ldap,password'<br>
> '--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-esi'<br>
> '--disable-translation' '--with-logdir=/var/log/squid'<br>
> '--with-pidfile=/var/run/squid.pid'
'--with-filedescriptors=131072'<br>
> '--with-large-files' '--with-default-user=squid'
'--enable-linux-netfilter'<br>
> '--enable-ltdl-convenience' '--enable-ssl'
'--enable-ssl-crtd'<br>
> '--enable-arp-acl' 'CXXFLAGS=-DMAXTCPLISTENPORTS=20000'
'--with-openssl'<br>
> '--enable-snmp'<br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> cheers<br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a></span><br>
<br>
<br>
<br>
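Added example (not part of the original messages and not the Squid project's own configuration): the two certificate roles contrasted in the reply above, written as squid.conf fragments for Squid 3.5. The host name www.example.com, the origin address 192.0.2.10, the certificate file names and the ssl_crtd path are assumptions.<br>

```conf
# == Reverse proxy (accelerator) ==
# Browsers connect to https://www.example.com/ directly; no proxy is set
# in the browser. The certificate is the site's own server certificate,
# issued by a CA the clients already trust, with the site host name in
# CN / subjectAltName. Use a key of at least 2048 bits.
# "accel" marks the port as a reverse-proxy listener.
https_port 443 accel defaultsite=www.example.com cert=/etc/squid/www.example.com.crt key=/etc/squid/www.example.com.key

# Origin server that Squid fetches from on behalf of clients (assumed address).
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=origin

# Only serve the published site, and only from that origin.
acl our_site dstdomain www.example.com
http_access allow our_site
http_access deny all
cache_peer_access origin allow our_site
cache_peer_access origin deny all

# == SSL Bump (forward proxy) ==
# Browsers are configured to use Squid as their proxy. Here the cert= file
# is a self-signed signing CA plus its private key; Squid uses it to mint
# per-host certificates, so this CA is what gets imported into browsers
# as a trusted authority.
http_port 3128 ssl-bump cert=/etc/squid/bumpCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Helper that generates the per-host certificates (path is an assumption).
sslcrtd_program /lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB

acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
```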
</body>
</html>