[squid-users] https quick question
snakeeyes
ahmed.zaeem at netstream.ps
Fri May 22 03:22:31 UTC 2015
clientNegotiateSSL: Error negotiating SSL connection on FD 36: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 45: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 36: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 36: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 36: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 45: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 54: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 29: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
Amos can you assist with that ???
-----Original Message-----
From: snakeeyes [mailto:ahmed.zaeem at netstream.ps]
Sent: Thursday, May 21, 2015 7:36 PM
To: 'Amos Jeffries'
Cc: squid-users at lists.squid-cache.org
Subject: RE: [squid-users] https quick question
Thank you Amos so much
So far I didn’t add CA to my browser
And I followed many docs about how to create the .key file and .crt file but always I get (ssl negotiation error)
What could be the problem
Where should I check and troubleshoot ?
BTW I have the directive
https_port 443 accel key=/root/CA/myCA/private/squid.local.key cert=/root/CA/myCA/certs/squid.local.crt
where should I troubleshoot ?
appreciate your help a lot
for start I want to start with self signed certificate but later I will buy a valid certificate
hope to help me
cheers
-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Amos Jeffries
Sent: Thursday, May 21, 2015 6:01 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] https quick question
On 22/05/2015 9:09 a.m., snakeeyes wrote:
> Hi ,
>
> I WANT TO ESTABLISH squid https reverse proxy on squid
>
>
>
> Assume I configured and the keys xxxxx.crt & xxxxx.key needed for the
> directive
>
> https_port 443 accl cert=/etc/squid/ssl/xxxx.crt
> key=/etc/squid/ssl/xxxx.key vhost
>
>
>
> the question is being asked now
>
>
>
> do I need to add a certificate in my browser to get it work ?
No.
>
> if so , what key should I add ? the .cert file or the .key file ?
If it was signed by a globally trusted CA then you don't have to do anything more. Making it work for clients is what you are paying the CA for.
If those keys were signed by a custom CA you can optionally add *that CA* to the browser trusted set. Or the user could click to add exception when they get their popup. Some of the browsers now are ignoring self-signed certs (provided they are valid to the server being contacted). Or you could add TLSA records to your DNS for the domain.
Amos
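Added example, not part of the thread and not Squid's own code: a small triage script for the clientNegotiateSSL lines quoted at the top of the thread. It decodes the OpenSSL 1.0.x reason number from the hex error code; the names parse_line, summarize and HINTS are this example's own, and the hint wording is the editor's reading of the two OpenSSL reasons, both of which mean the first bytes on the TLS port were cleartext HTTP rather than a ClientHello.

```python
import re
from collections import Counter

# Optional timestamp: the first line quoted in the thread lost its prefix.
LINE_RE = re.compile(
    r"^(?:(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\|\s*)?"
    r"clientNegotiateSSL: Error negotiating SSL connection on FD (?P<fd>\d+): "
    r"error:(?P<code>[0-9A-Fa-f]{8}):[^:]*:(?P<func>[^:]*):(?P<text>[^(]*?)\s*\("
)

# OpenSSL 1.0.x reason numbers (low 12 bits of the packed error code).
HINTS = {
    155: "cleartext CONNECT sent to the TLS port (client treats it as an HTTP proxy)",
    156: "cleartext HTTP request sent to the TLS port (http:// used instead of https://)",
}

def parse_line(line):
    """Return fd, reason number, reason text and hint for one log line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    reason = int(m.group("code"), 16) & 0xFFF
    return {
        "ts": m.group("ts"),
        "fd": int(m.group("fd")),
        "reason": reason,
        "text": m.group("text"),
        "hint": HINTS.get(reason, "other TLS handshake failure"),
    }

def summarize(lines):
    """Count parsed errors per OpenSSL reason text, skipping unrelated lines."""
    return Counter(p["text"] for p in map(parse_line, lines) if p)

# Lines copied from the thread above.
SAMPLE = [
    "clientNegotiateSSL: Error negotiating SSL connection on FD 36: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)",
    "2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 45: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)",
    "2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL connection on FD 29: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)",
]

if __name__ == "__main__":
    for text, count in summarize(SAMPLE).items():
        print(count, text)
    for line in SAMPLE[:2]:
        print(parse_line(line)["hint"])
```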