Re: [squid-users] Client-Side Certificates at the Directory Level?

From: Henrik Nordström <henrik@dont-contact.us>
Date: Tue, 11 Sep 2007 13:33:34 +0200

mån 2007-09-10 klockan 10:13 -0700 skrev techguy005-ml@yahoo.com:

> In a Squid reverse proxy configurations, in order to
> use client certificates, the respective CA signer of
> the client-side certificates must be installed on the
> Squid server (not the web server) level so the
> end-user get challenged to present a client-side
> certificate by Squid instead of by the web server.
> Correct?

Correct.

> Can Squid be configured to define client-side
> certificate requirements at the DIRECTORY level (like
> the aforementioned "/ClientCertRequred/") or does the
> requirements have to be set based on the web site as a
> whole (i.e. "www.whatever.com")?

Currently it's per https_port only. Renegotiation of the SSL connection
by ACL requirements is not yet supported.

Regards
Henrik
Received on Tue Sep 11 2007 - 05:36:16 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:02 MDT