1/ Install openssl and libssl-dev packages
# aptitude install openssl libssl-dev
2/ Download the Squid sources from http://www.squid-cache.org/
3/ Configure it with the openssl option, compile it and install it
# ./configure --enable-ssl --with-openssl=/usr/include/openssl/
# make
# make install
4/ Create necessary certificates (source)
– Creating a private CA –
Go to the OpenSSL bin directory (/usr/local/ssl/misc by default).
There should be a script called CA.sh (and a CA.pl that does the same stuff). This hides all the gruesome details of how this works. Without the script this is a very annoying process.
su to root
Make sure that the OpenSSL bin directory is in your path.
# ./CA.sh -newca
When prompted for CA filename hit return.
Answer the rest of the questions intelligently. The common name would be how this certificate might be referred to. For example, the Equifax Secure CA uses the common name of Equifax Secure Certificate Authority.
– Creating certificates –
# ./CA.sh -newreq
This creates an unsigned certificate request.
The procedure is the same as creating a private CA except you’ll want to use the name of the host that will use the certificate as the common name (host.domain.com). If they don’t match, the client will not like it.
You probably don’t want to use the same passphrase for this as you did with the CA.
# ./CA.sh -sign
It will ask for a PEM pass phrase, that’s the passphrase you set for the private CA you created.
This signs the certificate that you just created with the CA you created just moments before. You can generate multiple certificates. You’ll probably need to. For example, mail.foo.com and www.foo.com each need their own certificate.
The signed certificate is now in the current directory as newcert.pem. If you are going to create more, you should rename this or it will be overwritten by subsequent signatures.
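CA.sh is only a wrapper around a handful of openssl commands. The script below is an added example, not part of the original article: it does the same work directly (a private CA, a host certificate request, and the CA signature), writes the host key without a passphrase (which is what the next step does with `openssl rsa`), and then runs the two checks worth doing before pointing squid at the files: that the certificate really chains to the CA, and that the key actually belongs to the certificate. The output directory, CA name and host name are placeholders passed as arguments.

```shell
#!/bin/sh
# Added example (not from the article): a private CA and a CA-signed host
# certificate built with plain openssl commands, i.e. what CA.sh -newca,
# -newreq and -sign do behind the scenes, followed by the checks worth running
# before handing the files to squid. All names and paths are placeholders.
set -eu

# make_ca DIR CN: self-signed CA certificate and key -> DIR/cacert.pem, DIR/cakey.pem
make_ca() {
    dir="$1"; cn="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$cn" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null
}

# make_host_cert DIR HOST: request plus CA-signed certificate for HOST
#   -> DIR/key.pem (no passphrase, as in the "Removing password" step), DIR/cert.pem
make_host_cert() {
    dir="$1"; host="$2"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/key.pem" -out "$dir/newreq.pem" 2>/dev/null
    openssl x509 -req -days 365 -in "$dir/newreq.pem" \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -out "$dir/cert.pem" 2>/dev/null
}

# verify_chain DIR: succeeds only if cert.pem is signed by cacert.pem and not expired
verify_chain() {
    openssl verify -CAfile "$1/cacert.pem" "$1/cert.pem" >/dev/null 2>&1
}

# key_matches_cert DIR: succeeds only if key.pem is the private key for cert.pem,
# compared through the RSA modulus; a mismatched pair is rejected when squid loads it
key_matches_cert() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1/cert.pem")
    key_mod=$(openssl rsa -noout -modulus -in "$1/key.pem" 2>/dev/null)
    [ "$cert_mod" = "$key_mod" ]
}

# cert_cn DIR: prints the subject CN of cert.pem, which must equal the proxied host name
cert_cn() {
    openssl x509 -noout -subject -in "$1/cert.pem" | sed 's/.*CN *= *//'
}

# Usage: sh mkcerts.sh /tmp/squid-ca www.yoursite.com
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
    mkdir -p "$1"
    make_ca "$1" "Private CA for $2"
    make_host_cert "$1" "$2"
    verify_chain "$1" && key_matches_cert "$1" && echo "OK: certificate for $(cert_cn "$1")"
fi
```

The resulting cacert.pem, cert.pem and key.pem are the three files the squid.conf step below expects; cakey.pem stays with the CA and never goes on the proxy.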
5/ Removing password from key.pem
# mv key.pem key.pem.withpass
# openssl rsa -in key.pem.withpass -out key.pem
6/ Edit /usr/local/squid/etc/squid.conf
http_port 3128 vhost defaultsite=yoursite.com
https_port 443 vhost cert=/path_to/cert.pem key=/path_to/key.pem cafile=/path_to/cacert.pem defaultsite=yoursite.com version=2
cache_peer yoursite.com parent 80 0 no-query originserver
7/ Create squid cache directories and launch squid
# /usr/local/squid/sbin/squid -z
# /usr/local/squid/sbin/squid
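In the Squid releases this howto targets, the `version=` option on https_port selects the protocol: 1 is automatic (the default), 2 is SSLv2 only, 3 is SSLv3 only, 4 is TLSv1 only. The https_port line in the squid.conf step above therefore limits the listener to SSLv2, and the cert=, key= and cafile= paths are only opened when squid starts or reconfigures. The script below is an added example, not part of the original article: it lints the https_port line of a squid.conf for exactly these two points. The sample configuration it writes is constructed from the lines above with placeholder paths.

```shell
#!/bin/sh
# Added example (not from the article): lint the https_port line of a squid.conf.
# In the version= scheme of the Squid releases this howto targets, 1 = automatic,
# 2 = SSLv2 only, 3 = SSLv3 only, 4 = TLSv1 only; the linter flags 2 and 3 and also
# checks that every file named by cert=, key= and cafile= is readable, since squid
# only opens them at startup/reconfigure. Paths in the sample are placeholders.
set -eu

# https_port_opt CONFIG NAME: prints the value of NAME=... on the first https_port line
# (empty when the option is absent)
https_port_opt() {
    grep '^https_port' "$1" | head -n 1 | tr ' ' '\n' | grep "^$2=" | cut -d= -f2- || true
}

# check_https_port CONFIG: prints one line per finding; exit 0 when clean, 1 otherwise
check_https_port() {
    cfg="$1"; rc=0
    v=$(https_port_opt "$cfg" version)
    case "${v:-1}" in
        2) echo "WEAK: version=2 restricts the listener to SSLv2"; rc=1 ;;
        3) echo "WEAK: version=3 restricts the listener to SSLv3"; rc=1 ;;
    esac
    for name in cert key cafile; do
        p=$(https_port_opt "$cfg" "$name")
        if [ -z "$p" ]; then
            echo "MISSING: https_port has no $name= option"; rc=1
        elif [ ! -r "$p" ]; then
            echo "MISSING: $name=$p is not readable"; rc=1
        fi
    done
    return "$rc"
}

# write_sample_conf DIR: constructed squid.conf reproducing the article's lines, with
# empty placeholder certificate files under DIR so the linter can be tried offline;
# prints the path of the written file
write_sample_conf() {
    dir="$1"
    mkdir -p "$dir"
    : > "$dir/cert.pem"; : > "$dir/key.pem"; : > "$dir/cacert.pem"
    cat > "$dir/squid.conf" <<EOF
http_port 3128 vhost defaultsite=yoursite.com
https_port 443 vhost cert=$dir/cert.pem key=$dir/key.pem cafile=$dir/cacert.pem defaultsite=yoursite.com version=2
cache_peer yoursite.com parent 80 0 no-query originserver
EOF
    echo "$dir/squid.conf"
}

# Usage: sh lint-squid-ssl.sh /usr/local/squid/etc/squid.conf
if [ -n "${1:-}" ]; then
    check_https_port "$1"
fi
```

Within the option scheme the article uses, `version=4` is the TLSv1-only setting; https_port also accepts `options=NO_SSLv2,NO_SSLv3` to disable the old protocols while leaving negotiation automatic. Run the linter again after any edit and before `squid -z`, since a bad path only shows up when squid starts.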
Source: http://www.brichet.be/how-to-setup-a-reverse-proxy-server-over-ssl-squid-debian/