Editor FoodSQM.com wrote:
> Hello,
>
> Maybe I am going about this wrong. I am running squid 2.6 with SSL
> support to enable the https port.
>
> The cert seems to be working fine with one exception.
>
> I cannot sort out how to set up the the cert chain necessary Duane
> Wessel's book make no mention of chain files for
> certs, and about 20 minutes of googleing turns up nothing.
>
> So does squid support chaining of certs as Apache does? (eg.
> SSLCertificateChainFile /usr/local/ssl/private/IPS-IPSCABUNDLE.crt)
>
> If it does where can I find the documentation? If not that's fine, but
> I couldn't find an answer like "squid 2.x does not support that, you
> must do something else"
>
According to
http://www.squid-cache.org/mail-archive/squid-users/200509/0289.html,
Squid 2.5 didn't support it natively, but did have a patch. Many of the
"unsupported" 2.5 patches were rolled into 2.6, but I can't tell (either
from the release notes
(http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE1-RELEASENOTES.html)
or the change logs
(http://www.squid-cache.org/Versions/v2/2.6/changesets/)) if the SSL
patch was.
Try following the tip in that maillist message and see if it works for you.
Here's another note with some more details:
http://www.squid-cache.org/mail-archive/squid-users/200611/0254.html
> Which if I had seen that I wouldn't be writing to the list. I would be
> doing something else right now.
>
> cheers
>
> sparky
Chris
Received on Mon Mar 05 2007 - 17:39:31 MST
This archive was generated by hypermail pre-2.1.9 : Sat Mar 31 2007 - 13:00:01 MDT