On Fri, Jun 30, 2017 at 5:19 AM, $ubbu <[email protected]> wrote: > Hi, > > We are using apache traffic server for caching http sites for a quite > long time,recently we had to cache https sites . > > I took reference of > https://docs.trafficserver.apache.org/en/latest/admin-guide/security/index.en.html > > But unable to work it out. > > I have a few questions > > 1.my origin server has CA signed wild card certificate , so what kind of > certificate should I install on traffic server (ex:self signed or ca signed) > and what are the steps to install certificate?
ATS would be acting as a client when talking to your origin server. So, it would use the machine's CA certificate store (like https://curl.haxx.se/docs/caextract.html) to verify that your origin's certificate is valid. > 2.what format of the certificate works (.pem or crt or pfx) ? if this is for > 3.I have one more link > http://www.quobell.nl/blog/apache-traffic-server-ats-as-reverse-proxy-for-outsystems/ > > Which I tried with both self signed and ca signed certificates but I > encountered the following error ERR_SSL_VERSION_OR_CIPHER_MISMATCH I suppose you are talking about ATS talking to your origin server here? If so, guess you'd have to add the public key of the origin's self-signed cert into the CA certificate store. > Please help me in this process. > > > > Thanks in Advance !!! > > > > -- > Regards > Subrahmanya Prasad P
