<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
Self-signed certificate is not suitable for use in a reverse proxy.<br>
<br>
22.04.15 9:17, snakeeyes пишет:<br>
<span style="white-space: pre;">> Hi <br>
><br>
> I need to setup squid proxy as reverse proxy with https
enabled<br>
><br>
> I tried the bash script below and it run ok :<br>
><br>
> ###########################<br>
><br>
> OPENSSL=/usr/bin/openssl<br>
><br>
> <br>
><br>
> SSLDIR=/etc/mydlp/ssl<br>
><br>
> <br>
><br>
> mkdir -p $SSLDIR || exit 1<br>
><br>
> <br>
><br>
> rm -rf $SSLDIR/*<br>
><br>
> <br>
><br>
> [ -e $SSLDIR/private.pem ] || $OPENSSL genrsa 4096 >
$SSLDIR/private.pem<br>
><br>
> <br>
><br>
> [ -e $SSLDIR/public.pem ] || (echo -e<br>
>
<a class="moz-txt-link-rfc2396E" href="mailto:TR\nAnkara\nTechnopolis\nMyDLP\nMyDLP\n*\nsupport@mydlp.com\n">"TR\nAnkara\nTechnopolis\nMyDLP\nMyDLP\n*\nsupport@mydlp.com\n"</a>|
$OPENSSL<br>
> req -new -x509 -days 3650 -key $SSLDIR/private.pem -out
$SSLDIR/public.pem)<br>
><br>
> <br>
><br>
> [ -e $SSLDIR/user.der ] || $OPENSSL x509 -in
$SSLDIR/public.pem -outform DER<br>
> -out $SSLDIR/user.der<br>
><br>
> ######################################<br>
><br>
> <br>
><br>
> <br>
><br>
> ls -l /etc/mydlp/ssl<br>
><br>
> total 12<br>
><br>
> -rw-r--r-- 1 root root 3243 Apr 21 08:26 private.pem<br>
><br>
> -rw-r--r-- 1 root root 2090 Apr 21 08:26 public.pem<br>
><br>
> -rw-r--r-- 1 root root 1501 Apr 21 08:27 user.der<br>
><br>
> <br>
><br>
> ######################################<br>
><br>
> <br>
><br>
> Added to squid.conf :<br>
><br>
> <br>
><br>
> https_port 443 key=/etc/mydlp/ssl/private.pem
cert=/etc/mydlp/ssl/public.pem<br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> And when I start squid , <br>
><br>
> <br>
><br>
> FATAL: No valid signing SSL certificate configured for
HTTPS_port [::]:443<br>
><br>
> Squid Cache (Version 3.5.1): Terminated abnormally.<br>
><br>
> CPU Usage: 10.189 seconds = 10.133 user + 0.056 sys<br>
><br>
> Maximum Resident Size: 271264 KB<br>
><br>
> Page faults with physical i/o: 44<br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> Hope to help<br>
><br>
> <br>
><br>
> regards<br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJVNpSSAAoJENNXIZxhPexGq+4H/3KGzflx2iP+/nYH9SITqmun
<br>
okbIgNUX31WbNYWy8Na+7fnEqE/e/Sfc5qGP2LhbL3iPz72pspBE0vpvLPvAa8iL
<br>
kak/CLDEaFXizPVhfPIi7FI9Vdpvl4D2Pfm3aHHXxoTFjmLvM6htTlNntNCYuG1P
<br>
iLm7gFUNC9pltRrEbnKmhxh3CKsc6iUC3L3muLLaH3WX7WJNtCzTxh+8OQKeDIh1
<br>
ZWAbvpXnPT6PdXI4rDF6+J16eC6TUo0stiWds2XsYH958AWJRwcHi5UL+Vgq1X6Z
<br>
9GWYZVKlXNxBfGR5Zv1anmmaDP2ouJG3DwI5U8Dqe6B6dcGYQWtU+m1Hieuy5Ko=
<br>
=BiO/
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>