[squid-users] SSL Reverse Proxy Domain Mismatch

From: Paul Carew <beavatronix_at_gmail.com>
Date: Tue, 30 Apr 2013 21:56:09 +0100

Hi

I have Squid 3.3.4 set up as an SSL reverse proxy for web based mail.
The domain name on the outside is something like mail.example.org and
the domain name on the inside is something like webmail.example.local.
I am getting a TLS code: SQUID_X509_V_ERR_DOMAIN_MISMATCH error when
trying to connect.

My https_port line looks like so:

https_port 443 accel cert=/etc/squid/ssl_certs/mail.crt key=/etc/squid/ssl_certs/mail.key cafile=/etc/squid/ssl_certs/mail.ca defaultsite=webmail.example.local

The cache_peer line:

cache_peer 192.168.0.42 parent 443 0 no-query originserver login=PASS ssl front-end-https=on name=webmailServer

The certificate on the web based mail server, inside, is issued to
webmail.example.local with a SAN of mail.example.org. The certificate
used on the Squid https_port config line is issued to mail.example.com
with no SAN.

I can understand why the DOMAIN_MISMATCH is occurring but was hoping
someone could recommend a workaround?

Many thanks

Paul
Received on Tue Apr 30 2013 - 20:56:18 MDT
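
The name check behind a DOMAIN_MISMATCH, as an added example that is not part of the original post and is not Squid's code. It is a simplified matcher run against the backend certificate as described above (CN webmail.example.local, SAN mail.example.org). Assumptions: the name being verified is the cache_peer address 192.168.0.42 (the post does not say which name Squid compared), and the CN is accepted alongside SAN entries.

```python
# Added illustration: simplified certificate name matching, not Squid's code.
import ipaddress


def _label_match(pattern, name):
    """Compare one certificate DNS name with the expected name.
    '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two more after it.
        return len(p) >= 3 and p[1:] == n[1:]
    return p == n


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def cert_matches(reference, common_name, san_dns=(), san_ip=()):
    """True if `reference` (the name the client expects) is covered by the cert."""
    if _is_ip(reference):
        # An IP reference matches only iPAddress SAN entries, never DNS names.
        ref = ipaddress.ip_address(reference)
        return any(ipaddress.ip_address(ip) == ref for ip in san_ip)
    candidates = list(san_dns) + [common_name]  # assumption: CN also accepted
    return any(_label_match(c, reference) for c in candidates)


# Constructed from the description in the post (names only, no real cert).
BACKEND_CERT = {"common_name": "webmail.example.local",
                "san_dns": ["mail.example.org"]}


def check_backend(reference):
    return cert_matches(reference, **BACKEND_CERT)


if __name__ == "__main__":
    for ref in ("192.168.0.42", "webmail.example.local",
                "mail.example.org", "mail.example.com"):
        verdict = "match" if check_backend(ref) else "DOMAIN_MISMATCH"
        print(f"{ref:24} -> {verdict}")
```

Squid 3.x documents a cache_peer option ssldomain= for the name expected in the peer certificate; when it is not given, the peer hostname from the cache_peer line is used.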
