Re: [squid-users] Dumb Lurker question

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 9 Apr 2002 01:38:09 +0200

On Monday 08 April 2002 19:19, Eric Roby wrote:
> > Only if you are running Squid as a web server accelerator with
> > SSL termination, and in such case SSL will only be used between
> > the client and Squid, not between Squid and the accelerated
> > server.
>
> How does one get Squid to accept a password generated by OpenSSL.
> We ran into this issue some time ago and were never able to get it
> resolved. On startup, Squid found the certificate/key but could
> not do anything with it. Just aborted. The password is required
> when building a private key with OpenSSL.
>
> Add to the Dumb Lurker question...

OpenSSL do not generate any passwords. It can optionally encrypt the
RSA keys with a password supplied by the user, in which case there
must always be a user present when starting the server and the server
needs to have a method of asking the user what the password is.

The correct method for server SSL certificates is to have then
unencrypted, protected by file permissions.

See the OpenSSL documentation on how to manage RSA keys.

Regards
Henrik
Received on Mon Apr 08 2002 - 17:47:09 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:29 MST