[squid-users] HTTPS_PORT AND SSL CERT

Julien TEHERY julien.tehery at mediactivegroup.com
Thu May 28 09:00:00 UTC 2020


Yes, that's what I did. As I explained before, I provided Squid with a PEM file containing:


  *   server key
  *   server cert
  *   intermediate cert

with in squid.conf:

https_port 8443 tls-cert=path/to/my/wildcard.pem

I did not try to add the root cert as I'm aware it's not necessary.

I've spent so many hours on something that should work quickly..
________________________________
From: squid-users <squid-users-bounces at lists.squid-cache.org> on behalf of Matus UHLAR - fantomas <uhlar at fantomas.sk>
Sent: Thursday, 28 May 2020 10:12
To: squid-users at lists.squid-cache.org <squid-users at lists.squid-cache.org>
Subject: Re: [squid-users] HTTPS_PORT AND SSL CERT

On 28.05.20 06:32, Julien  TEHERY wrote:
>I retried everything possible in terms of order in the pem file. From my
>workstation, if I do "openssl s_client -showcerts -connect
>mysquid.mycompany.com:8443" I only get one certificate/issuer, but with the same
>command on the same server but a different port (apache listening on 443), I
>correctly get 2 certificates/issuers:
>
>I should point out that my https configuration isn't for ssl_bump purposes but only to provide secure access to the http proxy through the WAN with a valid certificate.
>Do some of you use complete certificates (including intermediate) with squid? If yes, please tell me how you made it work.
>I do have the latest stable squid version built with openssl support.

You apparently need to provide a concatenated list of your squid certificate and
the intermediate certificate that signed your squid certificate.

You don't need to provide the root certificate that signed intermediate
certificate, since browsers  to have that certificate installed
(otherwise they wouldn't trust the certificate at all).


--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
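
A structural check for the kind of combined PEM file discussed in this thread (key, server certificate, intermediate), as an added example that is not code from the thread or from Squid. It inspects only block boundaries and base64 bodies, so it does not confirm that the intermediate actually signed the server certificate. The function names and the dummy sample blocks are constructed for illustration, and the key block is assumed to be unencrypted.

```python
import base64
import re
# RFC 7468 boundaries: "-----BEGIN <label>-----" and "-----END <label>-----"
BOUNDARY = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]+)-----")

def lint_pem_bundle(text):
    """Return (block labels in file order, list of structural problems)."""
    labels, problems, open_label, body = [], [], None, []
    for n, raw in enumerate(text.splitlines(), 1):
        marks = BOUNDARY.findall(raw)
        if not marks:
            body.append(raw.strip())
            continue
        if len(marks) > 1:  # files concatenated without a newline in between
            problems.append(f"line {n}: boundaries fused on one line")
        for kind, label in marks:
            if kind == "BEGIN":
                if open_label:
                    problems.append(f"line {n}: BEGIN inside unclosed {open_label}")
                open_label, body = label, []
            elif label != open_label:  # stray END: the open block stays open
                problems.append(f"line {n}: END {label} has no matching BEGIN")
            else:
                try:
                    base64.b64decode("".join(body), validate=True)
                except ValueError:
                    problems.append(f"line {n}: {label} body is not valid base64")
                labels.append(label)
                open_label = None
    if open_label:
        problems.append(f"unclosed {open_label} block at end of file")
    return labels, problems

def check_server_bundle(text):
    """Expect what the thread describes: one key, server cert, intermediate(s)."""
    labels, problems = lint_pem_bundle(text)
    keys = sum(label.endswith("PRIVATE KEY") for label in labels)
    certs = labels.count("CERTIFICATE")
    if keys != 1:
        problems.append(f"expected 1 private key, found {keys}")
    if certs < 2:
        problems.append(f"{certs} certificate(s) found: no intermediate to send")
    return problems

# Constructed sample input: dummy payloads, not real keys or certificates.
def _block(label):
    return f"-----BEGIN {label}-----\nZHVtbXk=\n-----END {label}-----"
KEY, LEAF, INTER = _block("PRIVATE KEY"), _block("CERTIFICATE"), _block("CERTIFICATE")
GOOD = f"{KEY}\n{LEAF}\n{INTER}\n"
FUSED = f"{KEY}\n{LEAF}{INTER}\n"  # server cert file had no trailing newline
```

An empty list from `check_server_bundle(open(path).read())` means the file has the expected blocks with intact boundaries; the chain the server actually sends still has to be confirmed with the `openssl s_client -showcerts` command quoted in the thread.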