Hi Amos, thanks for your response.
I'll try to clarify.
I want my browser (a client's browser) to always go through a Squid proxy
for accessing any website (target application). This is because I have an
ICAP service working on the data. Thus, to my understanding, this is a forward
proxy.
Since I want it to work for both HTTP and HTTPS sites, I configured Squid to
work with ssl-bump as shown above. I have tested this configuration by
setting the Firefox proxy settings to go to Squid on port 3128, and it seems to
work fine :)
Now I have an additional target application. This application happens to be
a portal that is run on Tomcat. Furthermore, it is a Tomcat that I
configured the security settings for. Thus I have browser -> squid -> portal
(run on Tomcat).
To my understanding this is still part of the same forward proxy? Am I wrong
here?
Unfortunately, on this particular setting I get the failure I showed above.
> From cache.log:
> -----BEGIN SSL SESSION PARAMETERS-----
> MHECAQECAgMBBAIANQQg0b4mR/aJ5Vez5HNh6dSwUL4vs/d+v+ceEwKpWxHdFoME
> MI3ZqOI/+MjpLLsjIoFchf9dxA/wD9aoZZgrbiq6GRtvOTWRRFeaQA1KFfVgmFo7
> FaEGAgRNgfR5ogQCAgEspAIEAA==
> -----END SSL SESSION PARAMETERS-----
> 2011/03/17 07:46:01| SSL unknown certificate error 18 in /C=IL/ST=NA/L=NA/O=IBM/OU=HRL/CN=Magen
> 2011/03/17 07:46:01| fwdNegotiateSSL: Error negotiating SSL connection on FD 13: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
I guess I am still understanding something badly, please point me to it.
Thanks, Ariel.
Received on Fri Mar 18 2011 - 19:25:02 MDT