On Fri, 2007-09-21 at 12:31 +0100, Gordon McKee wrote:
> Here are the squid.conf lines:
> https_port 82.36.186.17:443 cert=/usr/local/etc/squid/sslcert/opl20070919.pem cafile=/usr/local/etc/squid/sslcert/opl-all.pem name=opls defaultsite=www.optimalprofit.com
>
> cache_peer 192.168.0.11 parent 443 0 no-query originserver login=PASS name=opls ssl sslcert=/usr/local/etc/squid/sslcert/opl20070919.pem
> cache_peer_domain opls www.optimalprofit.com
> 2007/09/21 12:24:41| fwdNegotiateSSL: Error negotiating SSL connection on FD 19: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
> 2007/09/21 12:24:41| TCP connection to 192.168.0.11/443 failed
>
You need to move cafile from https_port to cache_peer. It's the peer's
certificate which is rejected.
It's not needed in https_port.
Regards
Henrik
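
The change described in the reply above, as an added example that is not part of the original message or of Squid: a small Python check over squid.conf text that flags an ssl cache_peer with no CA configured, run on the quoted directives before and after the move. The names audit and options are hypothetical; sslcafile=, sslcapath= and sslflags=DONT_VERIFY_PEER are the cache_peer spellings in Squid releases of that era, and the https_port finding assumes, as in this thread, that client certificates are not being verified.

```python
# Constructed input: the directives quoted in the thread, each on one line.
CA = "/usr/local/etc/squid/sslcert/opl-all.pem"
CERT = "/usr/local/etc/squid/sslcert/opl20070919.pem"
BEFORE = f"""\
https_port 82.36.186.17:443 cert={CERT} cafile={CA} name=opls defaultsite=www.optimalprofit.com
cache_peer 192.168.0.11 parent 443 0 no-query originserver login=PASS name=opls ssl sslcert={CERT}
cache_peer_domain opls www.optimalprofit.com
"""
# The change the reply asks for; on cache_peer the option is spelled sslcafile=.
AFTER = f"""\
https_port 82.36.186.17:443 cert={CERT} name=opls defaultsite=www.optimalprofit.com
cache_peer 192.168.0.11 parent 443 0 no-query originserver login=PASS name=opls ssl sslcert={CERT} sslcafile={CA}
cache_peer_domain opls www.optimalprofit.com
"""

def options(tokens):
    """Map 'key=value' tokens to their value and bare flags (e.g. ssl) to True."""
    out = {}
    for tok in tokens:
        key, sep, value = tok.partition("=")
        out[key] = value if sep else True
    return out

def audit(conf):
    """Return (line_number, finding) pairs about CA placement for SSL peers."""
    findings = []
    for number, raw in enumerate(conf.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not words:
            continue
        if words[0] == "https_port" and "cafile" in options(words[2:]):
            findings.append((number, "https_port cafile= is not used for peer verification"))
        elif words[0] == "cache_peer":
            opts = options(words[5:])  # skip host, type, http port, icp port
            if not opts.get("ssl"):
                continue
            flags = str(opts.get("sslflags", "")).replace(":", ",").split(",")
            if "DONT_VERIFY_PEER" in flags:
                findings.append((number, "peer certificate verification is disabled"))
            elif "sslcafile" not in opts and "sslcapath" not in opts:
                findings.append((number, "ssl peer has no sslcafile=/sslcapath="))
    return findings

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(conf))
```
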
This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:02 MDT