Re: [squid-users] SSL client cert configuration and provision

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 22 May 2011 15:01:26 +1200

On 22/05/11 06:09, Stephan Hügel wrote:
> Hello,
> Apologies in advance for the (presumably) repetitive question:
> I'd like to set up squid to provide an SSL cert required for access to
> a certain site on behalf of my users. I've converted the cert (it was
> provided in PFX format) to PEM format, and generated a key (though I'm
> not entirely sure that's necessary).
> I've installed squid 2.7.STABLE9 on Ubuntu 11.04, and configured http
> access for users on my subnet, and this is working correctly:
>
> http_port 3128
> acl all src all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> acl localnet src 10.10.10.0/24
> [snip]
> http_access allow localnet
> icp_access allow localnet
>
> But I haven't been able to find a HOWTO for transparently providing
> the required SSL cert on behalf of clients when they connect to the
> site which requires it.
> I assume I have to provide a https_port (443?), and https_allow
> localnet, but I'm not sure about anything else.
>
> TIA

https_port is for reverse-proxy when the certificate is to be presented
to the *client*.

From what you say, it seems clients are supposed to present a unique
identifier certificate to the *server* and you want to forge from Squid?

Before we give you any config, which of those completely different
setups do you actually want?

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.7 and 3.1.12.1
Received on Sun May 22 2011 - 03:01:31 MDT
