From f2148bae9112023991f085e790f0361d61e047b1 Mon Sep 17 00:00:00 2001 From: Martin Fuchs Date: Fri, 30 Sep 2011 21:34:02 +0200 Subject: add intermediate CA --- config/squid-reverse/squid.inc | 5 +++++ config/squid-reverse/squid_reverse.xml | 11 ++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/squid-reverse/squid.inc b/config/squid-reverse/squid.inc index 43ce8bcd..044cf10b 100644 --- a/config/squid-reverse/squid.inc +++ b/config/squid-reverse/squid.inc @@ -985,6 +985,11 @@ function squid_resync_reverse() { base64_decode($svr_cert['prv'])); $reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key"; }}} + + if (!empty($settings['reverse_int_ca'])) { + file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n",FILE_APPEND | LOCK_EX); + file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt",base64_decode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX); + } $ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan'); $real_ifaces = array(); diff --git a/config/squid-reverse/squid_reverse.xml b/config/squid-reverse/squid_reverse.xml index 8f7686f1..cafa3ec7 100644 --- a/config/squid-reverse/squid_reverse.xml +++ b/config/squid-reverse/squid_reverse.xml @@ -136,7 +136,7 @@ reverse_https If this field is checked, squid will act as an accelerator/SSL offload for Outlook Web Access. checkbox - reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_ignore_ssl_valid + reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_ignore_ssl_valid,reverse_ssl_chain off @@ -164,6 +164,15 @@ descr refid + + intermediate CA certificate + reverse_int_ca + Paste a signed certificate in X.509 PEM format here. + textarea + 50 + 5 + base64 + Reset TCP connections if request is unauthorized deny_info_tcp_reset -- cgit v1.2.3