Re: [squid-users] Verisign cert problem

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 8 Jan 2004 21:00:35 +0100 (CET)

On Thu, 8 Jan 2004, Schaefer, Charles wrote:

> How can I tell where I need to put the new intermediate.crt file I just got
> from Verisign? They signed my cert on 12/29/03 with their cert that expired
> on 1/7/04! Now I have to jump through a hoop to fix it.

If you are running Squid as an SSL accelerator server then you need to
chain the intermediary certificate to your certificate. This is done by
placing them both in the same certificate file.

However, if using Squid-2.5 then you also need the SSL update patch
available from http://devel.squid-cache.org/ or modify the source to use
SSL_CTX_use_certificate_chain_file(sslContext, certfile) instead of
SSL_CTX_use_certificate_file(sslContext, certfile, SSL_FILETYPE_PEM)

Regards
Henrik
Received on Thu Jan 08 2004 - 13:00:40 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:04 MST