Hi All,
Hope some-one out there would be able to assist me. We are currently
running squid 2.7 Stable 8 build on a windows2003 Server.
We had to renew Certificate on the Squid reverse proxy. In the past we
just had to specify the cert and key value, but Thawte has recently
changed their certificate model and now I need to specify the path to
the Thawte root CA certificate as well. This portion of my config file
looks like this:
https_port 1.1.1.1:443 accel cert=c:/squid/etc/2010thawte.pem
key=c:/squid/etc/2010key.pem cafile=c:/squid/ssl/ca/rootCA.pem
When I parse the config file, it returns no errors, and I can stop and
start the squid service without any problems. Browsing the site though
generates a certificate error, and it seems as if the rootCA certificate
can't be found. (IN IE the error is : The Certificate cannot be verified
up to a trusted certification Authority)
If I remove the portion "cafile=c:/squid/ssl/ca/rootCA.pem" from my
config file, and restart the service, I get the same error. It almost
seems as if squid is ignoring the cafile entry?
Is there anyone out there who can assist me, or guide me in the correct
direction? Am I using the cafile command correctly, or should I be using
the capath entry? Is there a specific naming convention I should use for
the rootCA and intermediate Thawte certificate if I want to make use of
the capath entry?
Any advice would be great..
Thanks
Ed
Received on Wed Sep 29 2010 - 11:52:11 MDT
This archive was generated by hypermail 2.2.0 : Wed Sep 29 2010 - 12:00:04 MDT