Thanks Henrik for your guidance however I still cannot seem to get client certificates to work with Squid 2.6.13 running on RHEL 4.2. Below is the config and steps I am performing. Any insight as to what I am doing wrong would be greatly appreciated. ##### Squid Config ##### https_port 192.168.0.2:443 protocol=https accel vhost cert=/apps/squid2.6.13/etc/ssl/syt-squid.test.com.pem cafile=/apps/squid2.6.13/etc/ssl/intcatrustedroot.pem defaultsite=syt-squid.test.com clientca=/apps/squid2.6.13/etc/ssl/clientca_trusted_root.pem # Non-SSL Cache Peer cache_peer 172.16.4.1 parent 80 0 proxy-only originserver name=test_syt # ACL acl test_syt_syt dstdomain syt-squid.test.com # Non-SSL Cache Peer Access cache_peer_access test_syt allow test_syt_syt ------------------------------------- ##### Actions Performed ##### 1) Verified client-side cert is valid via openssl: bash-3.00$ openssl verify -CAfile clientca_trusted_root.pem joe-clientcert.pem joe-clientcert.pem: OK 2a) Opened Internet Explorer 6 and connected to the Squid proxy. 2b) IE prompts to select the client-side certificate. 2c) Select the client-side certificate and click OK in the web browser. Squid Logs show: 2007/09/13 14:54:55| SSL unknown certificate error 20 in /O=Company, Inc./OU=Services/OU=Company Name - Something/OU=GroupID - TestTeam/OU=UserID - JoeSmoe/CN=Joe Smoe/emailAddress=joesmoe@xxxxxxxxxxx 2007/09/13 14:54:55| clientNegotiateSSL: Error negotiating SSL connection on FD 20: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned (1/-1) 2007/09/13 14:54:55| SSL unknown certificate error 20 in /O=Company, Inc./OU=Services/OU=Company Name - Something/OU=GroupID - TestTeam/OU=UserID - JoeSmoe/CN=Joe Smoe/emailAddress=joesmoe@xxxxxxxxxxx 2d) IE prompts AGAIN to select the client-side certificate. Squid Logs show: 2007/09/13 14:54:57| SSL unknown certificate error 20 in /O=Company, Inc./OU=Services/OU=Company Name - Something/OU=GroupID - TestTeam/OU=UserID - JoeSmoe/CN=Joe Smoe/emailAddress=joesmoe@xxxxxxxxxxx 2007/09/13 14:54:57| clientNegotiateSSL: Error negotiating SSL connection on FD 20: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned (1/-1) 2007/09/13 14:54:57| SSL unknown certificate error 20 in /O=Company, Inc./OU=Services/OU=Company Name - Something/OU=GroupID - TestTeam/OU=UserID - JoeSmoe/CN=Joe Smoe/emailAddress=joesmoe@xxxxxxxxxxx I tried the same process with FireFox 2.0.0.6 browser and got the exact same error messages in the Squid log file. I am at a loss as I'm not sure where the problem is. According to the Squid 2.6 docs, it should be as simple as adding in the CA cert for the signer of the client-cert and adding the "clientca=" directive to the squid.conf file. The same squid server utilizing normal SSL server certificates works great! It just seems to be the client-side certificates that is the issue. Any help would be appreciated! Thanks!
