I have a particular SSL enabled site setup where every page is https. The
client needed a redirector setup so that if a user typed just
opaccess.companyname.com in the web browser the site would accept the
request and forward them to the first https page. I have the following
lines setup in my squid config file for this site:
https_port 172.16.0.120:443 protocol=https
cert=/usr/local/squid/etc/opcert.pem key=/usr/local/squid/etc/opcert.key
vhost
cache_peer 192.168.0.20 parent 443 0 no-query originserver ssl
name=opaccess.companyname.com
acl opaccess dstdomain opaccess.companyname.com
http_access allow opaccess
cache_peer_access opaccess.companyname.com allow opaccess
Here is the issue. I started squid via command line so I can see it in a
console by using the command /usr/local/squid/sbin/squid -NCd1. If I type
in opaccess.companyname.com or https://opaccess.companyname.com in a web
browser the site comes up and works as needed. However I get the
following messages repeatedly in my squid console that is up when I am
accessing pages on this particular site:
2007/02/15 08:29:04 | fwdNegotiateSSL: Error negotiating SSL connection on
FD 23: error:140940F6:SSL routines:SSL3_READ_BYTES:unknown alert type
(1/-1/0)
2007/02/15 08:29:04 | TCP connection to 192.168.0.20/443 failed
The numbers after FD (e.g. 23) changes to different numbers as the errors
repeat themselves.
I do have another site running through the squid box that is working
correctly and not throwing any errors. However, it is not setup with a
redirector and is not https required on every page. Here is its config:
https_port 172.16.0.106:443 protocol=https
cert=/usr/local/squid/etc/mycert.pem key=/usr/local/squid/etc/mycert.key
vhost
cache_peer 192.168.0.06 parent 80 0 no-query originserver
name=store.companyname.com
acl companyname dstdomain store.companyname.com
http_access allow companyname
cache_peer_access store.companyname.com allow companyname
Let me know what I am doing wrong here and I appreciate the help guys /
gals!
Thanks,
Jack Siergiej, MCSA
***************************************************************************
Privilege and Confidentiality Notice
THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY TO WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE UNDER THE APPLICABLE LAW.
If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any use of, disclosure, dissemination, distribution, forwarding, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email or telephone, and delete the original message immediately.
***************************************************************************
Received on Fri Mar 09 2007 - 05:37:33 MST
This archive was generated by hypermail pre-2.1.9 : Sat Mar 31 2007 - 13:00:01 MDT