Re: [squid-users] Squid proxy server - Client certificate (reverse proxy)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 28 Jan 2011 18:38:22 +1300

On 28/01/11 07:48, Qvalpro Solutions wrote:
> Hi Folks,
>
> I just started exploring Squid proxy and I am clueless of how to use
> Squid in my setup.
>
> Some background on why I am trying to use the Squid proxy:
> I have a billing application installed in a Windows server. This
> particular billing application uses some proprietary file system,
> which cannot be customized. I have purchased a Payway API account
> (Payway API is nothing but a payment processing system for credit
> cards) for using with the billing application. I just noticed that the
> Payway API needs a digital certificate to be installed for processing
> the payments. Unfortunately, my billing application doesn't allow any
> certificate installation. When I spoke to the billing application
> development company and Payway, they suggested that I use the Squid
> proxy to work around the problem. I was also told that the Squid proxy
> can provide the client certificate.
>
> As I don't have adequate exposure to setting up proxy servers, I have
> the following questions:
> 1. Can I install the Squid proxy in the same server where my billing
> application is located?

Yes.

Additional problem though: Windows Squid builds only have experimental
SSL support and are limited to squid-2.7 for now.

If you need to do this for Windows please contact Guido at Acme
Consulting (http://squid.acmeconsulting.it/) for support.

> 2. How do I connect the billing application to the Squid Proxy? Do I
> need to use some port for this and how am I supposed to connect the
> Squid Proxy to the Payway API?

You set up Squid as a reverse-proxy and make the old billing application
believe Squid is the Payway system. Usually via DNS. Squid handles the
rest once requests are arriving nicely to it.

Start with this:
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
it covers the very simple config just to get an accelerator working.
Stuff like SSL requires additional config.

> 3. How do I install the digital certificate provided by Payway in the
> Squid proxy and what format of digital certificate is to be used -
> .net or PHP or ASP or something else?

Squid uses .PEM format certificates.

After doing the setup from your question 2, you configure Squid to use
them with additional options on the cache_peer line.
Set the "ssl" flag to enable SSL on the link then any of the other ssl*=
options as needed by the Payway system.

http://www.squid-cache.org/Doc/config/cache_peer/

(snipped Q4-6 since they are answered above as well).

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.10
   Beta testers wanted for 3.2.0.4
Received on Fri Jan 28 2011 - 05:38:27 MST
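
The reverse-proxy setup described in the reply above, written out as a squid.conf fragment. This is an added example, not part of the original message or the Squid wiki; the hostname payway-api.example.com, the address 203.0.113.10, the ACL and peer names, and all file paths are placeholders, and it assumes the billing application can send plain HTTP to the proxy.

```squidconf
# Added example. Hostname, IP address, names and paths are placeholders.
# Assumption: the billing application sends plain HTTP to the name
# payway-api.example.com, which local DNS (or the hosts file) points at
# 127.0.0.1. If it only speaks HTTPS, https_port with cert=/key= is
# needed here instead of http_port.

# Listen on loopback only: anything that can reach this port can send
# requests that Squid forwards under the client certificate.
http_port 127.0.0.1:80 accel defaultsite=payway-api.example.com

# Upstream link to the real service. "ssl" turns on SSL for the link and
# sslcert=/sslkey= present the client certificate (PEM files). The peer is
# given by IP address because on this host the service name now resolves
# to Squid itself; ssldomain= keeps the server-certificate check tied to
# the expected name, and sslcafile= names the CA that check trusts.
cache_peer 203.0.113.10 parent 443 0 no-query originserver name=payway ssl sslcert=/etc/squid/payway-client.pem sslkey=/etc/squid/payway-client.key sslcafile=/etc/squid/payway-ca.pem ssldomain=payway-api.example.com

# Accept requests for the one accelerated site only, and send them to
# the SSL peer and nowhere else.
acl payway_site dstdomain payway-api.example.com
http_access allow payway_site
http_access deny all
cache_peer_access payway allow payway_site
cache_peer_access payway deny all
```

The private key file should be readable only by the account Squid runs as, since possession of it is what authenticates requests to the payment service.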
