[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-users
Subject:    Re: [squid-users] (71) Protocol error (TLS code: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
From:       Amos Jeffries <squid3 () treenet ! co ! nz>
Date:       2020-08-26 4:28:01
Message-ID: 5c62a8a9-0458-3a9d-91f9-753b95558b88 () treenet ! co ! nz
[Download RAW message or body]

On 26/08/20 1:30 pm, m k wrote:
> Hi team,
> 
> Sorry for the many questions.
> As an in-house SE, I plan to switch from Bluecoat to Squid.  
> ***I am Japanese. And I can not do English.
> All are Google translations.***
> 
> I am doing a load test on Squid.
> Apache Jmeter is loading the self-certified WEB server.
> How can I test with a self-certified WEB server with Jmeter?
> 

You can use cache_peer for custom connectivity to a server:

  cache_peer jmeter.local parent 443 0 originserver \
    tls-cafile=/etc/squid/jmeter_ca_cert.pem \
    tls-default-ca=off

  cache_peer_access jmeter.local allow ...
  never_direct allow ...


Put the CA cert for jmeter in /etc/squid/jmeter_ca_cert.pem.


FYI: it is best to keep the self-signed cert as your own private CA and
give jmeter a normal server cert. Then you only have to change the
jmeter config if its cert gets compromised or needs updating for any
other reason. Squid can continue to use your self-signed CA to verify
any server certs it signed for jmeter.


Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[prev in list] [next in list] [prev in thread] [next in thread]