[squid-users] acl user_cert format in squid 3.1.10

From: Lundy, Mark <MarkLundy_at_fico.com>
Date: Thu, 15 Aug 2013 10:22:50 -0500

Hi There,
>>
>>squid version : 3.1.10 ( squid-3.1.10-16.el6 )
>>
>>We are attempting to authenticate remote connections using SSL client
>>certificates.
>>
>>We have:
>>
>>https_port 443 cert=/etc/squid/server_cert.pem cafile=/etc/squid/extra-clientca-certs.pem clientca=/etc/pki/tls/cert.pem sslcontext=id vhost
>>
>>
>>acl clientcert_customer user_cert CN client.customer.net
>>
>>acl ourserverpath urlpath_regex ^/client/serverApplication
>>
>>acl gateway_inbound dstdomain gateway.ourcompany.net
>>
>>
>>cache_peer 10.10.20.30 parent 4004 0 no-query no-digest originserver name=ourserverpath_inbound
>>cache_peer_access ourserverpath_inbound allow clientcert_customer ourserverpath gateway_inbound
>>
>>
>>
>>The issue that we seem to be having is that the CN provided in the client
>>certificate presented by the customer doesn't seem to be matching
>>against the one in the line:
>>
>>acl clientcert_customer user_cert CN client.customer.net
>>
>>
>>We can see that the certificate is correct, so we're thinking that the
>>format for the above line is not quite right.
>>
>>Can anyone advise as to what we might be missing in the configuration?
>>
>>Any advice is greatly appreciated.
>>
>>Thanks.
>>Regards,
>>
>>-Mark
>>

Received on Thu Aug 15 2013 - 15:22:59 MDT
