Dean Weimer wrote:
I am trying to setup a test with an SSL reverse proxy on an intranet site, I
currently have a fake self signed certificate and the server is answering on
the HTTP side just fine, and answering on the HTTPS however I get a (92)
protocol error returned from the proxy when trying to access it through HTTPS.
I have added the following lines for the HTTPS option
https_port 443 accel cert=/usr/local/squid/etc/certs/server.crt
key=/usr/local/squid/etc/certs/server.key defaultsite=mysite vhost
cache_peer 10.20.10.76 parent 443 0 no-query originserver ssl
sslflags=DONT_VERIFY_PEER,DONT_VERIFY_DOMAIN name=secure_mysite
From the log I can see the error is caused by the invalid certificate.
2009/09/25 11:38:07| SSL unknown certificate error 18 in...
2009/09/25 11:38:07| fwdNegotiateSSL: Error negotiating SSL connection on FD
15: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed (1/-1/0)
Is there a way that I can tell it to go ahead and trust this fake certificate
during testing while I wait for the actual certificate that is valid, to be
issued.
Perhaps http://www.squid-cache.org/Doc/config/sslproxy_flags/
Thanks,
Dean Weimer
Network Administrator
Orscheln Management Co
Chris
