■Installing OpenSSL
wget http://www.openssl.org/source/openssl-0.9.8d.tar.gz
tar xzvf openssl-0.9.8d.tar.gz
cd openssl-0.9.8d
./config
make
make install
■Generate a passphrase-protected private key
bin/openssl genrsa -des 1024 > private/key.pem
--------------------
1112 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.+++++
..............+++++
e is 65537 (0x10001)
Enter PEM pass phrase:(enter the passphrase)
Verifying password - Enter PEM pass phrase:(re-enter the passphrase)
--------------------
■CSR (create the request used to issue the site certificate)
bin/openssl req -new -days 365 -key private/key.pem -out csr.pem
--------------------
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) :Shibuya-ku
Organization Name (eg, company) [Internet Widgits Pty Ltd]:hogege,ltd.
Organizational Unit Name (eg, section) :hogege division
Common Name (eg, YOUR name) :hogege.net
Email Address :(just press Return)
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :(just press Return)
An optional company name :(just press Return)
--------------------
■Self-signing without a certificate authority
bin/openssl x509 -in csr.pem -out certs/cert.pem -req -signkey private/key.pem -days 365
■squid install
cd /
wget http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE14.tar.gz
tar xzvf squid-2.5.STABLE14.tar.gz
cd squid-2.5.STABLE14
./configure --enable-err-language=Japanese --disable-internal-dns --enable-ssl
cp /usr/local/squid/etc/squid.conf /squid.conf
make;make install
vi /usr/local/squid/etc/squid.conf
--------------------
cache_dir ufs /var/cache/squid 100 16 256
cache_effective_user squid
visible_hostname hogege.net
# your own IP, or the server where the application runs
httpd_accel_host 192.168.1.1
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header off
https_port 443 cert=/usr/local/ssl/certs/cert.pem key=/usr/local/ssl/private/key.pem
acl SSL_ports port 443
acl all src 0.0.0.0/0.0.0.0
http_access allow all
coredump_dir /var/cache/squid
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
--------------------
/usr/local/squid/sbin/squid -z
chown -R squid /usr/local/squid/var/logs; chgrp -R squid /usr/local/squid/var/logs
/usr/local/squid/sbin/squid -z
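The squid.conf above combines httpd_accel_with_proxy on with http_access allow all, so besides accelerating 192.168.1.1 Squid also answers forward-proxy requests from any client address. The shell check below is an added example, not part of the original notes; check_squid_conf, page_conf and accel_only_conf are names made up here, and the second sample (httpd_accel_with_proxy off) is an assumed accelerator-only variant.

```sh
#!/bin/sh
# Added example, not from the original notes. check_squid_conf is a
# hypothetical helper that flags the open-proxy combination in a Squid 2.5
# accelerator config. Usage: check_squid_conf FILE   (or "-" for stdin)
# Prints findings; returns 1 if an open proxy is found, 0 otherwise.
check_squid_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 == "httpd_accel_with_proxy" { proxy = ($2 == "on") }
        # remember ACLs that match every client address
        $1 == "acl" && $3 == "src" && $4 ~ /^0\.0\.0\.0\/(0|0\.0\.0\.0)$/ { any[$2] = 1 }
        # http_access is first-match: the first rule consisting only of a
        # match-everything ACL decides the outcome for all remaining clients
        $1 == "http_access" && NF == 3 && ($3 in any) && !settled {
            settled = 1
            if ($2 == "allow") { allow_all = 1; rule = $0; line = NR }
        }
        END {
            if (allow_all && proxy) {
                printf "OPEN-PROXY line %d: \"%s\" with httpd_accel_with_proxy on\n", line, rule
                exit 1
            }
            if (allow_all) print "INFO: all clients allowed, accelerator-only mode"
        }
    ' "${1:--}"
}

# Sample 1: the access-related lines of the squid.conf on this page.
page_conf() { cat <<'EOF'
httpd_accel_host 192.168.1.1
httpd_accel_single_host on
httpd_accel_with_proxy on
acl all src 0.0.0.0/0.0.0.0
http_access allow all
EOF
}

# Sample 2 (constructed, an assumption): same config, forward proxying off.
accel_only_conf() { cat <<'EOF'
httpd_accel_host 192.168.1.1
httpd_accel_single_host on
httpd_accel_with_proxy off
acl all src 0.0.0.0/0.0.0.0
http_access allow all
EOF
}

page_conf | check_squid_conf - || echo "-> page config is an open proxy"
accel_only_conf | check_squid_conf - && echo "-> accelerator-only config passes"
```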