Search squid archive

Re: Web client not capable of SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



sön 2010-05-02 klockan 13:43 +0200 skrev D.Veenker:
> My web client is not capable of SSL and definitely no client certificates.
> 
> - Can Squid do all the SSL-work in a transparent way, including the 
> client cerificates?

Yes.

> - How does the config look like?

Depends, but based on your later response it can be done two ways

a) Via a cache_peer for the site in question, using the ssl and
originserver options, and port 443 instead of 80. You can also specify
the client certificate here. In addition to cache_peer you also need to
specify never_direct for this site to force Squid to always use the
cache_peer.

b) By using an url rewriter helper to rewrite the request to https://
instead of http://. But gets a little messier to configure which client
certificate Squid should use here as there is only a global setting and
not per requested site like when using cache_peer.

> - Do a need to recompile Squid with --enalble-ssl?

Yes. Your Squid needs native SSL support to be able to wrap HTTP
requests in SSL. Tunnel mode is not sufficient for this.

Regards
Henrik



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux