Re: [squid-users] HTTPS questions

On Tue, 27 Jan 2004, Loc Nguyen wrote:

> I have few questions, I hope that you can help:
>
> I want to setup a HTTPS accelerator using squid. The
> environment is:
> Client -> HTTPS -> Squid accelerator -> HTTPS
> webserver

Then you need Squid-3, or alternatively Squid-2.5 + SSL update patch from
devel.squid-cache.org. Please note that the 2.5 patch is currently
unavailable due to SourceForge server issues but should be back in a few
days at worst.

The base Squid-2.5 distribution does not know how to initiate SSL
connections and can not fulfill your requirements.

> 2) Any one has a complete list of https_port option ?
> I can't find any document explaining how to setup
> https_port.

All the options are documented in squid.conf.default after you install
your Squid..

> 3) Did anyone setup squid as the HTTPS accelerator
> for HTTPS Outlook Web Access? Please point me to any
> document shows how to configure the squid.conf to
> support HTTPS OWA.

Should work with Squid-2.5+SSL update + a small redirector to rewrite the
accelerated URLs back into https.

Should also work with Squid-3.

Or you could look into the eMARA product from MARA Systems AB from where a
lot of this functionality is originating.

> 4) At this time, I use openssl to generate certiciate for the HTTPS

> I just need to know what format do I need to request from Verisign for
> the certificate so the certificate will work with Squid. I am appreciate
> any advices and comments about this.

Same as for Apache mod_ssl which is more well known to the CAs. Or in
short an OpenSSL PEM formatted certificate.

If you get the certificate in any other form from your CA or when
migrating existing certificates then OpenSSL has built in tools for
converting to/from the required PEM format. But I think most understands
that a PEM style certificate is requested if they get a PEM formatted
certificate request..

Regards
Henrik