Amos, Thank you for the help. I was able to get squid configured and running but I am getting an "access denied" error from squid when trying to connect. In the squid access logs I see something like "TCP_DENIED/403 1539 CONNECT www.mydestination.com:443" I didn't change any of the minimum acl or http_access lines in the basic squid configuration. Can you point me in the correct direction on this problem? Again, thanks for your help. Jake Jacobson http://www.google.com/profiles/jakecjacobson Our greatest fear should not be of failure, but of succeeding at something that doesn't really matter. -- ANONYMOUS On Wed, Feb 2, 2011 at 10:04 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On Wed, 2 Feb 2011 11:15:31 -0500, "Martin \(Jake\) Jacobson" wrote: >> Hi, >> >> I need to configure a proxy box that will proxy a site that requires a >> PKI cert. The site requires a chained cert and fails if the cert >> presented is unchained. We have a bot that is only presenting its >> cert and not the complete chain so it fails the connection. > > Sounds like you need to figure out why a non-chained cert was loaded into > the bot in the first place. > >> >> I am wondering if we could have squid make the request for the >> resource and instead of using the bot's cert, the squid client would >> use the chained cert that I have loaded with squid? >> >> Jake Jacobson > > To use Squid certs you will need the bot to communicate over unsecured > HTTP with Squid. > Then you just configure a cache_peer line in Squid presenting the relevant > cert to the website. > > Amos >
