[squid-users] Https_port with "official" certificate

Antony Stone Antony.Stone at squid.open.source.it
Wed Aug 24 12:24:05 UTC 2016


On Wednesday 24 August 2016 at 14:22:18, Samuraiii wrote:

> On 24.8.2016 14:18, Yuri Voinov wrote:
> > No one CA do not issue signing CA for subject, which is not CA itself.
> > 
> > So, op wants impossible thing.
> 
> I have tried to drop clientca option, to add generate-host-certificates=off
>  but outcome is still same error...
> 
> even with just this as config:
> https_port 8443 accel \

Why are you using accelerator mode?  Surely this is just a normal forwarding 
proxy?

>     cert=/etc/letsencrypt/live/sklad.duckdns.org/cert.pem \
>     key=/etc/letsencrypt/live/sklad.duckdns.org/key.pem


Antony.

-- 
"Reports that say that something hasn't happened are always interesting to me, 
because as we know, there are known knowns; there are things we know we know. 
We also know there are known unknowns; that is to say we know there are some 
things we do not know. But there are also unknown unknowns - the ones we don't 
know we don't know."

 - Donald Rumsfeld, US Secretary of Defence

                                                   Please reply to the list;
                                                         please *don't* CC me.


More information about the squid-users mailing list