On Thu, 26 May 2005, Henrik Nordstrom wrote:
On Tue, 17 May 2005 Angel del Peso Martin@xxxxxxxxxxxxxxxx wrote:
We're trying to install squid 2.5 stable 6 on Red Hat Enterprise 3.0 as a
reverse proxy. We want to access several internal servers using the proxy
(each server has its own different running certificate). What we want is
squid only to redirect the connections, so we don't have to install any
certificate on it. Is this possible? How can it be done?
INTERNET->HTTPS->PROXY->HTTPS->INTERNAL SERVER (SERVER1.MYDOMAIN.COM)
INTERNET->HTTPS->PROXY->HTTPS->INTERNAL SERVER (SERVER2.MYDOMAIN.COM)
For this you need Squid-3.0 (still under development), or squid-2.5 + SSL update patch and some tinkering..
Correction: For the above (SSL end-to-end browser to server) you cannot use Squid. You need a TCP plug or NAT allowing the client connections directly to your servers.
Proxying of SSL in this manner is meaningless as the proxy only sees encrypted garbage, and all the proxy knows about what was requested by the client is the ip:port the client connected to (everything else is encrypted, and only exchanged after the SSL certificate negotiation).
Regards
Henrik
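
A sketch of the kind of TCP plug the reply refers to, as an added example that is not part of the original thread: the relay picks a backend purely from the ip:port the client connected to and copies the SSL bytes through unmodified, so no certificate is installed on it. The addresses and ports in ROUTES and the function names are constructed for illustration.

```python
import asyncio

# Constructed mapping (assumption): one listening ip:port per internal server.
# The address the client connected to is the only routing input available,
# because everything after the TCP handshake is encrypted end to end.
ROUTES = {
    ("127.0.0.1", 8443): ("127.0.0.1", 9443),  # stands in for SERVER1
    ("127.0.0.1", 8444): ("127.0.0.1", 9444),  # stands in for SERVER2
}

async def pump(reader, writer):
    """Copy bytes one way, unmodified, until EOF, then close the far side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass  # peer reset; fall through and close
    finally:
        writer.close()

def make_handler(backend):
    """Build a per-listener handler bound to a single backend address."""
    async def handle(c_reader, c_writer):
        try:
            b_reader, b_writer = await asyncio.open_connection(*backend)
        except OSError:
            c_writer.close()  # backend unreachable: drop the client
            return
        # Relay both directions; the plug never parses or decrypts anything.
        await asyncio.gather(pump(c_reader, b_writer), pump(b_reader, c_writer))
    return handle

async def start_plug(routes):
    """Open one listener per route and return the asyncio servers."""
    servers = []
    for (host, port), backend in routes.items():
        handler = make_handler(backend)
        servers.append(await asyncio.start_server(handler, host, port))
    return servers

async def main():
    servers = await start_plug(ROUTES)
    await asyncio.gather(*(s.serve_forever() for s in servers))

if __name__ == "__main__":
    asyncio.run(main())
```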