Re: [squid-users] SSL on Squid 2.7 Windows

From: TheoB <tbodmer_at_hotmail.com>
Date: Sun, 7 Dec 2008 07:37:43 -0800 (PST)

Thanks a lot!

The problem was the ssl cert in the pem format, after getting this right
everything works as it should!

First I did export the cert (mmc using the Certification Snap In) export,
without select the strong authentication option, and including the private
key.

I than processed the resulting in.pfx file with: openssl pkcs12 -in in.pfx
-out out.pem

Doing this I had to enter a pass phrase.

Next I had to remove the pass phrase again:

openssl rsa -in key.pem -out keyout.pem

But after that the private key was missing. So the last step was to add the
private key again using a text editor.

There is probably a smarter way to do this.

Theo

Henrik Nordstrom-5 wrote:
>
> ons 2008-12-03 klockan 06:25 -0800 skrev TheoB:
>> I have a running http reverse proxy setup. Now I want to add SSL.
>>
>> The first thing I try is to make squid listening on port 443:
>>
>> https_port 192.168.1.151:443 accel cert=C:/squid/ssl/xxx.pem
>> key=C:/squid/ssl/xxx.pem defaultsite=mirror.xxx.com vhost
>
> looks fine.
>
>> Squid starts but is not listening on 192.168.1.151:443. In the log I see
>> no
>> indication that squid tries to set up an https listener.
>
> Is there any relevant warnings in cache.log?
>
> Do the pem file contain the certificate + unencrypted key?
>
> (for encrypted keys you need additional directives telling Squid how to
> get the key encryption password)
>
> Also try starting Squid "interactively" from a command window:
>
> /squid/sbin/squid -n squid -DNYCd3
>
> Regards
> Henrik
>
>
>

-- 
View this message in context: http://www.nabble.com/SSL-on-Squid-2.7-Windows-tp20813896p20882109.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Sun Dec 07 2008 - 15:37:47 MST

This archive was generated by hypermail 2.2.0 : Sun Dec 07 2008 - 12:00:02 MST