- `proxy-ca.pem`: CA which is used for all connections to the client
- `proxy-ca-key.pem`: private key for the CA
+- `proxy-dh.pem`: Diffie-Hellman parameters for the proxy
- `proxy-key.pem`: private key for the proxy
- `proxy-invalid.pem`: special certificate used for invalid pages
certificate to secure the connection to the client (signed by `proxy-ca.pem`).
If an error occurs in the validation (missing `certificate-*.pem` files,
-fingerprint changed, etc.) it's logged by the proxy (stdout) and the special
+fingerprint changed, etc.) it's logged by the proxy (stderr) and the special
`proxy-invalid.pem` certificate is used to send a 500 error message to the
client. The connection to the server is closed so there's no chance that any
client data is sent to the (possible) evil server. The invalid certificate is