sön 2010-05-02 klockan 13:43 +0200 skrev D.Veenker: > My web client is not capable of SSL and definitely no client certificates. > > - Can Squid do all the SSL-work in a transparent way, including the > client cerificates? Yes. > - How does the config look like? Depends, but based on your later response it can be done two ways a) Via a cache_peer for the site in question, using the ssl and originserver options, and port 443 instead of 80. You can also specify the client certificate here. In addition to cache_peer you also need to specify never_direct for this site to force Squid to always use the cache_peer. b) By using an url rewriter helper to rewrite the request to https:// instead of http://. But gets a little messier to configure which client certificate Squid should use here as there is only a global setting and not per requested site like when using cache_peer. > - Do a need to recompile Squid with --enalble-ssl? Yes. Your Squid needs native SSL support to be able to wrap HTTP requests in SSL. Tunnel mode is not sufficient for this. Regards Henrik
