[squid-users] config Q

Alex Samad alex at samad.com.au
Sat Oct 24 01:22:35 UTC 2015


Let me re-ask, as I have misunderstood what sslcert is used for.


If cache_peer points to 127.0.0.1 433 and the cert coming back says
office.abc.com with no subj alt for 127.0.0.1, will squid complain? If
so, how can I get around it without using the DONT_VERIFY option?


On 24 October 2015 at 11:51, Alex Samad <alex at samad.com.au> wrote:
> Hi
>
> I have squid on CentOS 6, the version that comes with it unfortunately.
>
> I have configured it to be a reverse proxy to our exchange box.
>
> So it answers on office.abc.com.
> Now I have 2 cache peers set up:
>
> 10.1.1.1. the exchange box << all the predefined URIs go here
> 127.0.0.1 443 the rest go here.
>
> It's https to 127.0.0.1.
>
> I have sslflags=DONT_VERIFY_PEER in the cache_peer command. It was
> suggested to remove this.
>
> But the cert on the end of 127.0.0.1 is office.abc.com. I can't use
> cache_peer office.abc.com because it will just hit the squid box.
>
> I also have the cert defined: sslcert=/etc/httpd/conf.d/office.abc.com.crt
>
> Is that going to cause an issue? There is no subjAlt for 127 in the cert
> name. Will squid just check the certs?

