Default ssl config?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Default ssl config?

Jason Hitt-2
 
Can someone post one, think I'm going to start fresh.
Reply | Threaded
Open this post in threaded view
|

Re: Default ssl config?

Slacker-4
Jason Hitt, on 06/06/2007 08:40 PM [GMT+500], wrote :
>  
> Can someone post one, think I'm going to start fresh.
>  
Post what ... hack?

Regards.
Reply | Threaded
Open this post in threaded view
|

RE: Default ssl config?

Jason Hitt-2
 Thinking maybe I hosted up my squid.conf anf want a config that should
work for reverse proxy using ssl.

-----Original Message-----
From: Slacker [mailto:[hidden email]]
Sent: Wednesday, June 06, 2007 10:51 AM
To: [hidden email]
Subject: Re: [squid-users] Default ssl config?

Jason Hitt, on 06/06/2007 08:40 PM [GMT+500], wrote :
>  
> Can someone post one, think I'm going to start fresh.
>  
Post what ... hack?

Regards.
Reply | Threaded
Open this post in threaded view
|

RE: Default ssl config?

Henrik Nordström
ons 2007-06-06 klockan 11:14 -0500 skrev Jason Hitt:
>  Thinking maybe I hosted up my squid.conf anf want a config that should
> work for reverse proxy using ssl.


https_port public.ip:443 cert=/path/cert.pem defaultsite=your.public.website.name

cache_peer ip.of.websever parent 443 0 no-query originserver ssl


if the peer is using a self-signed certificate or one issued by a CA not
in your default list of trusted CAs then you also need the sslcafile=
option or sslflags=DONT_VERIFY_PEER (sslflags not recommended, opens for
an man-in-the-middle attack on the encryption). For a self-signed
certificate use the server certificate as a CA, for a otherwise
untrusted CA use the CA root certificate.

If your Squid has digest or icmp support enabled then you also want the
no-digest and no-netdb-exchange options. Will work fine without them,
but you might be a little annoyed by automated HTTP requests from
Squid..

Regards
Henrik

signature.asc (316 bytes) Download Attachment