hello,
according to this chapter
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
i bought signed certificate
but no one accept rsa:1024
so i generate the key with rsa:2048
after i got my crt from them
https_port 443 cert=/usr/newrprgate/CertAuth/signed.crt
On Mon, Jan 12, 2015 at 7:41 AM, Simon Dcunha si...@baladia.gov.kw wrote:
if I uncheck the proxy option in the browser the site works fine
the above users also use internet and is working fine
I am using the pac file to bypass local sites and the local intranet
websites are alredy added in
yes you are right
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669020.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
what you mean by specify -CAPath with trusted root CA's
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669025.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AFAIK,
you can't be use SERVER certificate (almost signed trusted CA) for SSL
bumping. You need root CA exactly. Self-signed root CA.
12.01.2015 17:28, HackXBack пишет:
if it is self-signed CA certificate + import to browser
then it will worked
Hi.
On 09.01.2015 06:12, Amos Jeffries wrote:
Grand total:
= 9.5 GB of RAM just for Squid.
.. then there is whatever memory the helper programs, other software
on the server and operating system all need.
I'm now also having a strong impression that squid is leaking memory.
Now, when
how it didnt work while i found articles in google saying that it work for
them
like this one:
http://www.linuxquestions.org/questions/linux-server-73/ssl-intermediate-chain-warning-917476/
--
View this message in context:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
May I take a look on your squid.conf?
Looks like you incorrect configure your proxy.
12.01.2015 17:07, HackXBack пишет:
i dont know where you take me but my problem is not in any command !
i used trusted cert that got it from trusted CA
but
in this case the clear question is what https_port line must contain ?
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669027.html
Sent from the Squid - Users mailing list archive at Nabble.com.
i dont know where you take me but my problem is not in any command !
i used trusted cert that got it from trusted CA
but when i use it in https_port the browser give error like i mentioned in
my first post
--
View this message in context:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yep.
Memory leaking - if it really it - will be occurs on all platforms.
If not - this is OS-specific issue. libc, malloc library problem. But
not squid itself.
12.01.2015 18:06, Eugene M. Zheganin пишет:
Hi.
On 12.01.2015 16:41, Eugene M.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yep.
Memory leaking - if it really it - will be occurs on all platforms.
If not - this is OS-specific issue. libc, malloc library problem. But
not squid itself.
12.01.2015 18:06, Eugene M. Zheganin пишет:
-BEGIN PGP SIGNATURE-
Version:
Can you try to use openssl s_client?
an exapmple:
openssl s_client -connect facebook.com:443
Eliezer
On 12/01/2015 11:41, HackXBack wrote:
hello,
according to this chapter
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
i bought signed certificate
but no one
openssl s_client -connect facebook.com:443
CONNECTED(0003)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High
Assurance CA-3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook,
openssl s_client -connect facebook.com:443 -CApath /var/squid/ssl_db/certs
CONNECTED(0003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High
Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High
Assurance CA-3
if it is self-signed CA certificate + import to browser
then it will worked
but if it is Trusted CA cert it giving me error like i said in first post
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669037.html
Sent from the Squid -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yep, openssl is ok and works.
12.01.2015 17:02, HackXBack пишет:
openssl s_client -connect facebook.com:443 -CApath /var/squid/ssl_db/certs
CONNECTED(0003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert
High
Are you using the command with facebook.com???
You should use your own server...
Eliezer
On 12/01/2015 13:02, HackXBack wrote:
openssl s_client -connect facebook.com:443 -CApath /var/squid/ssl_db/certs
CONNECTED(0003)
depth=2 C = US, O = DigiCert Inc, OU =www.digicert.com, CN = DigiCert
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Looks like an OS-specific issue.
I don't see any memory leaking on my boxes (running Solaris 10, yes ;)).
Moreover, helpers is corrrectly got an release memory.
12.01.2015 17:41, Eugene M. Zheganin пишет:
Hi.
On 09.01.2015 06:12, Amos Jeffries
Just to make sure I understand it right.
The certificate is for a reverse proxy?
Eliezer
On 12/01/2015 11:41, HackXBack wrote:
hello,
according to this chapter
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
i bought signed certificate
but no one accept rsa:1024
Share your PAC file please.
Regards,Sarfraz
From: Simon Dcunha si...@baladia.gov.kw
To: squid-users squid-us...@squid-cache.org
Sent: Monday, January 12, 2015 11:41 AM
Subject: [squid-users] site cannot be accessed
Dear All,
I have squid-3.1.10-22.el6_5.x86_64
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You need to specify -CAPath with trusted root CA's from openssl
installation to avoid error 20. :)
But looks like openssl connect works.
12.01.2015 16:50, HackXBack пишет:
openssl s_client -connect facebook.com:443
CONNECTED(0003)
depth=1 C
Hi.
On 12.01.2015 16:03, Eugene M. Zheganin wrote:
Hi.
Just to point this out in the correct thread - to all the people who
replied here - Steve Hill has provided a patch for a 3.4.x that solves
the most performance degradation issue. 3.4.x is still performing poorly
comparing to the 3.3.x
Hi.
On 12.01.2015 16:41, Eugene M. Zheganin wrote:
I'm now also having a strong impression that squid is leaking memory.
Now, when 3.4.x is able to handle hundreds of users during several
hours I notice that it's memory usage is constantly increasing. My
patience always ends at the point of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yep :)
12.01.2015 17:53, Eliezer Croitoru пишет:
Hey,
This is not a reverse proxy...
It's a ssl-bump server and which you cannot use any bought certificate
for it.
Eliezer
On 12/01/2015 13:20, HackXBack wrote:
https_port 3127 intercept
Hey,
This is not a reverse proxy...
It's a ssl-bump server and which you cannot use any bought certificate
for it.
Eliezer
On 12/01/2015 13:20, HackXBack wrote:
https_port 3127 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/CA.pem
Hey hack,
From the comments in the past I am unsure what you are after...
If you are using ssl-bump you should first learn about how ssl works and
about the differences between encrypted traffic to verification of a
public key.
I must admit that these topic are not marked as an easy one.
Dear Sarfraz,
appreciate your immediate reply
Heres attached is my pac file
i am accessing the 10.101.101.10 server
regards
simon
From: ***some text missing*** shoz...@yahoo.com
To: simon si...@baladia.gov.kw, squid-users squid-us...@squid-cache.org
Sent: Monday,
Hey,
Did you had the chance to see this page:
http://findproxyforurl.com/example-pac-file/
Eliezer
On 13/01/2015 06:22, Simon Dcunha wrote:
Dear Sarfraz,
appreciate your immediate reply
Heres attached is my pac file
i am accessing the 10.101.101.10 server
regards
simon
29 matches
Mail list logo