Forum OpenACS Q&A: Re: how to config for multiple aolserver instances
Just returned from climbing in the Alps. No, I haven't tried other proxies in conjunction with HTTPS. The changes to pound by Gustav look very promissing though. But I'm holding off till his patches make it to the standard distribution of pound and till AOLserver supports X-forwarded-header so that it can log the IP address that the HTTP(S) request originated from.
Another issue with Squid is that SSL support appears to be incomplete.
https_port 127.0.0.1:443 cert=/PATH_TO_CA_CERT/cacert.pem key=/PATH_TO_KEY/key.pem version=1
Shouldn't cert point to the cert of the web server and not of the CA? And were should the CA cert reside? I looked at the code and there seems to be a ca_cert command line parameter.
Clients reject the SSL certificate in my current Squid configuration because the CA cert is missing. Are you experiencing the same problem?