RE: [squid-users] Verisign cert problem
How can I tell where to put this file, or which ca-bundle.crt file to chain
this to? I did a find on my system, and there are two files. one in
/usr/share/apps/kssl, and the other in /usr/share/ssl/certs.
squid_GATEWAY_ssl-2.5.patch has been applied before compile.
From: Henrik Nordstrom [mailto:firstname.lastname@example.org]
Sent: Thursday, January 08, 2004 3:01 PM
To: Schaefer, Charles
Subject: Re: [squid-users] Verisign cert problem
On Thu, 8 Jan 2004, Schaefer, Charles wrote:
> How can I tell where I need to put the new intermediate.crt file I just[/color]
> from Verisign? They signed my cert on 12/29/03 with their cert that[/color]
> on 1/7/04! Now I have to jump through a hoop to fix it.[/color]
If you are running Squid as an SSL accelerator server then you need to
chain the intermediary certificate to your certificate. This is done by
placing them both in the same certificate file.
However, if using Squid-2.5 then you also need the SSL update patch
available from [url]http://devel.squid-cache.org/[/url] or modify the source to use
SSL_CTX_use_certificate_chain_file(sslContext, certfile) instead of
SSL_CTX_use_certificate_file(sslContext, certfile, SSL_FILETYPE_PEM)