mån 2007-09-10 klockan 10:13 -0700 skrev techguy005-ml@xxxxxxxxx: > In a Squid reverse proxy configurations, in order to > use client certificates, the respective CA signer of > the client-side certificates must be installed on the > Squid server (not the web server) level so the > end-user get challenged to present a client-side > certificate by Squid instead of by the web server. > Correct? Correct. > Can Squid be configured to define client-side > certificate requirements at the DIRECTORY level (like > the aforementioned "/ClientCertRequred/") or does the > requirements have to be set based on the web site as a > whole (i.e. "www.whatever.com")? Currently it's per https_port only. Renegotiation of the SSL connection by ACL requirements is not yet supported. Regards Henrik
