Re: [squid-users] Re: ssl support

From: alp <alpheus@dont-contact.us>
Date: Wed, 18 Dec 2002 09:14:51 +0100

hi,
i still have one problem:
if i use the clientca directive together with https_port (https_port
...clientca=/cafile.txt): what do i have to insert into the file given
there?
you are saying: the list of certificates, but what does this mean?
i tried only the name (CA_test), the dn-name
(cn=CA_test,ou=test,o=test,l=berlin,st=be,c=de), the file path to the CA
certificate (/usr/share/ssl/private/cacert.pem), but with all tries i get
the same error in cache_log:
ssl unknown certificate error:
/c=de/st=be/l=berlin/o=test/ou=test/cn=CA_test
it says that squid did not receive a certificate from the client, but still
logs the distinguished name of my client certificate as shown above.
so i guess, i simply missed the correct way to use the directive clientca.

would you please tell me how correctly to use clientca?

thx in advance,
alp
----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "alp" <alpheus@gmx.de>
Cc: <squid-users@squid-cache.org>
Sent: Tuesday, December 17, 2002 7:30 PM
Subject: Re: [squid-users] Re: ssl support

> alp wrote:
>
> > hi thx so far.
> > i installed the patch successfully. my question now: if i have a ca
called
> > "CA", which signed my client certificate. how do i configure squid then
to
> > accept this client certificate? by using the clientca directive to a
> > textfile with writing "CA" into it???
>
> The patch adds a directive to https_port for specifying the list of
> client CA certificates you accept. See squid.conf.default after the
> update.
>
> Regards
> Henrik
>
Received on Wed Dec 18 2002 - 01:19:01 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:08 MST