[squid-users] problem in squid certificate installtion

snakeeyes ahmed.zaeem at netstream.ps
Wed Apr 22 07:30:17 UTC 2015


Hmmm ,  cant u  provide more info??

I followed wiki 

http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate

 

but im still confused with certificates , if possible and don’t mind , could u tell me brief steps ?

 

thanks a lot for ur kind help

 

regards

 

From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Yuri Voinov
Sent: Tuesday, April 21, 2015 11:19 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] problem in squid certificate installtion

 


-----BEGIN PGP SIGNED MESSAGE----- 
Hash: SHA256 
 
Self-signed certificate is not suitable for use in a reverse proxy.

22.04.15 9:17, snakeeyes пишет:
> Hi 



      >



      > I need to setup squid proxy as reverse proxy with https

      enabled



      >



      > I tried  the bash script below and it run ok :



      >



      > ###########################



      >



      > OPENSSL=/usr/bin/openssl



      >



      >  



      >



      > SSLDIR=/etc/mydlp/ssl



      >



      >  



      >



      > mkdir -p $SSLDIR || exit 1



      >



      >  



      >



      > rm -rf $SSLDIR/*



      >



      >  



      >



      > [ -e $SSLDIR/private.pem ] || $OPENSSL genrsa 4096 >

      $SSLDIR/private.pem



      >



      >  



      >



      > [ -e $SSLDIR/public.pem ] || (echo -e



      >

       <mailto:TR\nAnkara\nTechnopolis\nMyDLP\nMyDLP\n*\nsupport at mydlp.com\n> "TR\nAnkara\nTechnopolis\nMyDLP\nMyDLP\n*\nsupport at mydlp.com\n"|

      $OPENSSL



      > req -new -x509 -days 3650 -key $SSLDIR/private.pem -out

      $SSLDIR/public.pem)



      >



      >  



      >



      > [ -e $SSLDIR/user.der ] || $OPENSSL x509 -in

      $SSLDIR/public.pem -outform DER



      > -out $SSLDIR/user.der



      >



      > ######################################



      >



      >  



      >



      >  



      >



      > ls -l /etc/mydlp/ssl



      >



      > total 12



      >



      > -rw-r--r-- 1 root root 3243 Apr 21 08:26 private.pem



      >



      > -rw-r--r-- 1 root root 2090 Apr 21 08:26 public.pem



      >



      > -rw-r--r-- 1 root root 1501 Apr 21 08:27 user.der



      >



      >  



      >



      > ######################################



      >



      >  



      >



      > Added to squid.conf :



      >



      >  



      >



      > https_port 443 key=/etc/mydlp/ssl/private.pem

      cert=/etc/mydlp/ssl/public.pem



      >



      >  



      >



      >  



      >



      >  



      >



      > And when I start squid , 



      >



      >  



      >



      > FATAL: No valid signing SSL certificate configured for

      HTTPS_port [::]:443



      >



      > Squid Cache (Version 3.5.1): Terminated abnormally.



      >



      > CPU Usage: 10.189 seconds = 10.133 user + 0.056 sys



      >



      > Maximum Resident Size: 271264 KB



      >



      > Page faults with physical i/o: 44



      >



      >  



      >



      >  



      >



      >  



      >



      >  



      >



      > Hope to help



      >



      >  



      >



      > regards



      >



      >



      >



      >



      > _______________________________________________



      > squid-users mailing list



      > squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> 



      > http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE----- 
Version: GnuPG v2 
 
iQEcBAEBCAAGBQJVNpSSAAoJENNXIZxhPexGq+4H/3KGzflx2iP+/nYH9SITqmun 
okbIgNUX31WbNYWy8Na+7fnEqE/e/Sfc5qGP2LhbL3iPz72pspBE0vpvLPvAa8iL 
kak/CLDEaFXizPVhfPIi7FI9Vdpvl4D2Pfm3aHHXxoTFjmLvM6htTlNntNCYuG1P 
iLm7gFUNC9pltRrEbnKmhxh3CKsc6iUC3L3muLLaH3WX7WJNtCzTxh+8OQKeDIh1 
ZWAbvpXnPT6PdXI4rDF6+J16eC6TUo0stiWds2XsYH958AWJRwcHi5UL+Vgq1X6Z 
9GWYZVKlXNxBfGR5Zv1anmmaDP2ouJG3DwI5U8Dqe6B6dcGYQWtU+m1Hieuy5Ko= 
=BiO/ 
-----END PGP SIGNATURE----- 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150422/5422b956/attachment.html>


More information about the squid-users mailing list