Can squid (squid-2.5.STABLE1-2 running under RH9 Linux) be configured to handle *chained* SSL certificates (e.g. from FreeSSL.com) for SSL to HTTP gatewaying? Before I purchase a chained cert (much cheaper than usual certs), I'd like to hear from anyone who has direct experience.
With chained certs, you get the usual web certificate *plus* a second certificate (e.g. chain.crt) to complete the chain of trust to a root CA. The only real documentation I've found on using squid to gateway SSL to http is in the squid.conf file appended below. Not *sure* from the documentation if it's possible to fit a *chained* cert into the https_port tag.

Thank you in advance for any help,

-- Paul

# TAG: https_port
# Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
...
# You may specify multiple socket addresses on multiple lines,
# each with their own SSL certificate and/or options.
...
#    cert=     Path to SSL certificate (PEM format)
#
#    key=      Path to SSL private key file (PEM format)
#              if not specified, the certificate file is
#              assumed to be a combined certificate and
#              key file
#
#    version=  The version of SSL/TLS supported
#                  1 automatic (default)
#                  2 SSLv2 only
#                  3 SSLv3 only
#                  4 TLSv1 only
#
#    cipher=   Colon separated list of supported ciphers
#
#    options=  Varions SSL engine options. The most important
#              being:
#                  NO_SSLv2 Disallow the use of SSLv2
#                  NO_SSLv3 Disallow the use of SSLv3
#                  NO_TLSv1 Disallow the use of TLSv1
#              See src/ssl_support.c or OpenSSL documentation
#              for a more complete list.
