Hi all, I wonder how to make this possible: We have users who are required to connect to a customer's web server via the customer's forward proxy and using client certificates. Because we want to get rid of handling the client certificates on the user side I would like to use an intermediate proxy that acts as a client for the customer. I thought of something like this: 1. Client-Browser connects to his local forward proxy, which is a Squid 2.5 (without using certificates or SSL) 2. The local forward Squid sends all traffic to a local Reverse Squid 2.5 w/SSLpatch (without using certificates or SSL) 3. The reverse Squid would then connect to the customer's web server via SSL and using client certificates. I have set this up in a lab and it works very fine. It completely solves my concerns of having to fiddle around on the existing systems (clients, DNS and local forward proxy). The thing where I "hang" is this: I don't know how to make my reverse Squid connect to the customer's web server using the customer's forward proxy... I have played around with cache_peer and sslproxy_whatever directives but did never manage to establish a working connection. Can anyone point me into the right direction with this? It would also help to know, if this is possible at all - after several hours of testing I have started to have severe doubts about my idea... Any ideas are very welcome :) Regards, Zrinka
