Search squid archive

Re: Squid proxy server - Client certificate (reverse proxy)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 28/01/11 07:48, Qvalpro Solutions wrote:

Hi Folks,

I just started exploring Squid proxy and I am clueless of how to use
Squid in my setup.

Some background on why I am trying to use the Squid proxy:
I have a billing application installed in a windows server. This
particular billing application uses some proprietary file system,
which cannot be customized. I have purchased a Payway API account
(Payway API is nothing but a payment processing system for credit
cards) for using with the billing application. I just noticed that the
Payway API needs a digital certificate to be installed for processing
the payments. Unfortunately, my billing application doesn't allow any
certificate installation. When I spoke to the billing application
development company and Payway, they suggested me to use the Squid
proxy to workaround the problem. I was also told that the Squid proxy
can provide the client certificate.

As I don't have adequate exposure to setting up proxy servers, I have
the following questions:
1. Can I install the Squid proxy in the same server where my billing
application is located?


Yes.
Additional problem though: Windows Squid builds only have experimental SSL support and are limited to squid-2.7 for now.
If you need to do this for Windows please contact Guido at Acme Consulting (http://squid.acmeconsulting.it/) for support. 



2. How do I connect the billing application to the Squid Proxy? Do I
need to use some port for this and how am I supposed to connect the
Squid Proxy to the Payway API?
You setup Squid as a reverse-proxy and make old billing application believe Squid is the Payway system. Usually via DNS. Squid handles the rest once requests are arriving nicely to it. 

Start with this:
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
it covers the very simple config just to get an accelerator working. Stuff like SSL require additional config. 


3. How do I install the digital certificate provided by Payway in the
Squid proxy and what format of digital certificate is to be used -
.net or PHP or ASP or something else?


Squid uses .PEM format certificates.
After doing the setup from your question 2. You configure Squid to use them with additional options on the cache_peer line. Set the "ssl" flag to enable SSL on the link then any of the other ssl*= options as needed by the Payway system. 

http://www.squid-cache.org/Doc/config/cache_peer/

(snipped Q4-6 since they are answerd above as well).

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.10
  Beta testers wanted for 3.2.0.4
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux