Hi,
we are using squid (3.0) in accelerator mode using https:
https_port 443 cert=/etc/squid/cert.pem key=/etc/squid/key.pem
defaultsite=mail.domain.de
cache_peer 10.1.1.1 parent 443 0 no-query originserver ssl
sslflags=DONT_VERIFY_PEER name=mail.domain.de
...some acls...
this is working fine.
Now our customer wants to add a little bit security by authenticating
the clients on the internet using client certificates. Is it possible
to make squid request a client certificate (and if it is- how)? Or
does the "real server" have to request the certificate? I didn't find
something like that in the docs - if I missed that, please give me a
hint where to find it.
client (internet) -----> squid (DMZ) -----> real server
client-cert? check if client
cert is valid?
--
Reiner