RE: [squid-users] HTTPS questions

From: Derek Winkler <dwinkler@dont-contact.us>
Date: Tue, 27 Jan 2004 15:26:19 -0500

I posted this earlier...

I was doing something similar.

Browser --SSL-> Squid --SSL--> OWA

I ran into a bug with the RSA SecurID pages but other than that it worked.

Might need to tighten up the ACLs.

Here's my config...

visible_hostname squidhost.algorithmics.com
cache_mgr dwinkler@algorithmics.com

https_port 443 cert=/opt/squid/etc/owahost.algorithmics.com.crt key=/opt/squid/etc/owahost.algorithmics.com.key cafile=/opt/squid/etc/cacert.crt defaultsite=owa.algorithmics.com

cache_peer owahost.algorithmics.com parent 443 0 no-query ssl proxy-only originserver login=PASS sslcert=/opt/squid/etc/owahost.algorithmics.com.crt sslkey=/opt/squid/etc/owahost.algorithmics.com.key sslflags=DONT_VERIFY_PEER

ssl_unclean_shutdown on

acl owa-exchange urlpath_regex \/exchange(\/|$)
acl owa-webid urlpath_regex \/WebID\/

acl all src 0.0.0.0/0.0.0.0
acl all-dst dst 0.0.0.0/0.0.0.0
acl owa-host dst owaipaddress/255.255.255.255

http_access allow owa-host owa-exchange
http_access allow owa-host owa-webid
http_reply_access allow all-dst
http_access deny all
http_access deny all-dst

You need to use the latest version of Squid to do this, unstable version 3,
patch unneeded.

The squid.conf.default describes all of the https_port options but doesn't
give in depth details of what they do.

Verisign gives specific instructions on how to generate a request using
openssl; follow the instructions for Apache w/ Openssl or Apache w/ mod_ssl.

-----Original Message-----
From: Loc Nguyen [mailto:locness_8705@yahoo.com]
Sent: Tuesday, January 27, 2004 3:23 PM
To: squid-users@squid-cache.org
Cc: locness_8705@yahoo.com
Subject: [squid-users] HTTPS questions

Hi everyone,

I have a few questions, I hope that you can help:

I want to setup a HTTPS accelerator using squid. The
environment is:
  Client -> HTTPS -> Squid accelerator -> HTTPS webserver

I am using squid version 2.5. I configured squid
with the Openssl certificate. The squid accelerator
fails. It seems to me that the squid accelerator uses HTTP
to connect to the webserver instead of HTTPS.
My questions are:
 1) Has anyone set up this type of HTTPS accelerator?
I searched on Google and there is a document mentioning
that I need to download a patch to support this HTTPS
accelerator, but I can't find this patch at the
squid-cache.org download site. Can you point me to
where I can download this patch?
 2) Does anyone have a complete list of https_port options?
I can't find any document explaining how to set up
https_port.
 3) Did anyone set up squid as the HTTPS accelerator
for HTTPS Outlook Web Access? Please point me to any
document that shows how to configure squid.conf to
support HTTPS OWA.
 4) At this time, I use openssl to generate the certificate
for the HTTPS website. I would like to use a
commercial certificate (i.e. Verisign, etc.) so my
customer doesn't have to call me about the "can not
verify" certificate window problem. I know how to generate
a key-pair and submit a certificate request to
Verisign. I just need to know what format I need to
request from Verisign for the certificate so the
certificate will work with Squid. I would appreciate any
advice and comments about this.

Thanks in advance.

Loc Nguyen

Received on Tue Jan 27 2004 - 13:29:55 MST
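
Added example, not part of the original message or of Squid itself: a small Python check that reads cache_peer directives (one per line) and reports the settings in the posted config that leave the Squid-to-OWA link unauthenticated. The second and third sample lines are constructed; reusing /opt/squid/etc/cacert.crt as the CA that signed the backend certificate is an assumption.

```python
import re

WEAK_FLAGS = {
    "DONT_VERIFY_PEER": "peer certificate is accepted even if it fails to verify",
    "DONT_VERIFY_DOMAIN": "certificate name is not matched against the peer name",
}

# Constructed sample: line 1 is the cache_peer directive from the message above,
# line 2 is an assumed hardened variant, line 3 an assumed plaintext peer.
SAMPLE_CONF = """\
cache_peer owahost.algorithmics.com parent 443 0 no-query ssl proxy-only originserver login=PASS sslcert=/opt/squid/etc/owahost.algorithmics.com.crt sslkey=/opt/squid/etc/owahost.algorithmics.com.key sslflags=DONT_VERIFY_PEER
cache_peer owahost.algorithmics.com parent 443 0 no-query ssl proxy-only originserver login=PASS sslcafile=/opt/squid/etc/cacert.crt
cache_peer owahost.algorithmics.com parent 80 0 no-query originserver
"""


def audit_cache_peers(conf_text):
    """Return (line_number, peer_host, finding) for each risky cache_peer setting."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split()
        # Syntax: cache_peer <host> <type> <http-port> <icp-port> [options]
        if len(tokens) < 5 or tokens[0] != "cache_peer":
            continue
        host = tokens[1]
        # Bare options map to "", key=value options map to their value.
        opts = dict(tok.partition("=")[::2] for tok in tokens[5:])
        if "ssl" not in opts:
            findings.append((lineno, host, "plaintext peer link (no ssl option)"))
            continue
        flags = {f for f in re.split(r"[,:]", opts.get("sslflags", "")) if f}
        for flag in sorted(flags & WEAK_FLAGS.keys()):
            findings.append((lineno, host, f"sslflags={flag}: {WEAK_FLAGS[flag]}"))
        if "DONT_VERIFY_PEER" in flags and opts.get("login") == "PASS":
            findings.append(
                (lineno, host, "login=PASS forwards client credentials to an unverified peer"))
    return findings


if __name__ == "__main__":
    for lineno, host, finding in audit_cache_peers(SAMPLE_CONF):
        print(f"line {lineno}: {host}: {finding}")
```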