Re: [squid-users] Client-Side Certificates

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Wed, 19 Sep 2007 09:55:31 +0200

On Thu, 2007-09-13 at 13:18 -0700, techguy005-ml@yahoo.com wrote:

> ##### Squid Config #####
>
> https_port 192.168.0.2:443 protocol=https accel vhost
> cert=/apps/squid2.6.13/etc/ssl/syt-squid.test.com.pem
> cafile=/apps/squid2.6.13/etc/ssl/intcatrustedroot.pem
> defaultsite=syt-squid.test.com
> clientca=/apps/squid2.6.13/etc/ssl/clientca_trusted_root.pem

Why are cafile and clientca different?

The cafile needs to include the CAs the client certificates are signed
by.

If your server certificate needs a certificate chain then include this
in the server certificate file.

> I am at a loss as I'm not sure where the problem is.
> According to the Squid 2.6 docs, it should be as
> simple as adding in the CA cert for the signer of the
> client-cert and adding the "clientca=" directive to
> the squid.conf file.

It is, assuming it's a trusted CA.

Regards
Henrik

Received on Wed Sep 19 2007 - 01:55:38 MDT
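
A check for the point made in the reply above, that cafile must contain the CAs the client certificates are signed by. This is an added example, not part of the original message or of Squid: it compares the certificates in the clientca= bundle with those in cafile=. The bundle contents are constructed placeholders (not real X.509) and the function names are hypothetical.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def parse_https_port(line):
    """Return the key=value options of one https_port directive."""
    tokens = line.split()
    if not tokens or tokens[0] != "https_port":
        raise ValueError("not an https_port directive")
    return dict(t.split("=", 1) for t in tokens[2:] if "=" in t)

def fingerprints(pem_text):
    """SHA-256 of the decoded bytes of every certificate block in a PEM bundle."""
    return {hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)}

def clientca_missing_from_cafile(line, read_file):
    """Fingerprints of certificates in clientca= that are absent from cafile=."""
    opts = parse_https_port(line)
    if "clientca" not in opts or "cafile" not in opts:
        return set()  # only the two-file case from the message is checked
    trusted = fingerprints(read_file(opts["cafile"]))
    return fingerprints(read_file(opts["clientca"])) - trusted

def fake_pem(label):
    """Constructed stand-in for a CA certificate (placeholder bytes, not X.509)."""
    body = base64.b64encode(label.encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# The https_port directive from the quoted message, joined onto one line.
DIRECTIVE = (
    "https_port 192.168.0.2:443 protocol=https accel vhost "
    "cert=/apps/squid2.6.13/etc/ssl/syt-squid.test.com.pem "
    "cafile=/apps/squid2.6.13/etc/ssl/intcatrustedroot.pem "
    "defaultsite=syt-squid.test.com "
    "clientca=/apps/squid2.6.13/etc/ssl/clientca_trusted_root.pem")

# Constructed file contents: the two bundles hold different CA certificates.
SSL_DIR = "/apps/squid2.6.13/etc/ssl/"
FILES = {
    SSL_DIR + "intcatrustedroot.pem": fake_pem("constructed internal root CA"),
    SSL_DIR + "clientca_trusted_root.pem": fake_pem("constructed client root CA"),
}

if __name__ == "__main__":
    missing = clientca_missing_from_cafile(DIRECTIVE, FILES.__getitem__)
    print("clientca certificates not present in cafile:", len(missing))
```

The comparison is on certificate bytes only; it does not build or validate a chain, so `openssl verify` against the cafile bundle remains the authoritative test for a given client certificate.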
