Hello, I have a 2007 exchange server and I would like make it available from the outside. So I set up a reverse proxy with squid (version 3.0 STABLE19) and a self signed certificate. client --> squid --> Exchange OWA https https The access is working from the outside but I would like the client needs a certificate to access to OWA. If I don't have certificate on the client I have the warning message about the identity of the certificate when I try to connect to OWA but I can continue if I ignore the ssl error and finally the connection is done ... I know the error is normal because it's a self signed certificate and the ca is not in the trusted list but I would like the access is possible only if I have the certificate on the client. What can I do in "squid" to resolve this issue ? Apparently some ACls exists like "user_cert" but I don't know if it's the solution and I don't see examples about the syntax. Below My config in Squid. visible_hostname exchange_outside debug_options ALL,1 extension_methods RPC_IN_DATA RPC_OUT_DATA https_port 443 accel cert=/path/exchg.pem key=/path/exchg.pem \ defaultsite=exchange_outside vhost cache_peer "ip_exchange" parent 4433 0 no-query originserver \ no-digest login=PASS ssl front-end-https=on sslcert=/chemin du certificat/owa.pem sslkey=/path/owa.pem sslcafile=/path/ca.crt name=exchange_hostname acl all src 0.0.0.0/0.0.0.0 acl owa dstdomain exchange_outside cache_peer_access exchange_outside allow exchg never_direct allow exchg http_access allow exchg http_access deny all miss_access allow exchg miss_access deny all access_log /var/log/squid3/access.log squid exchange_outside is the name used to access to exchange from the outside. Thanks for your help. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/reverse-proxy-and-exchange-2007-tp3321349p3321349.html Sent from the Squid - Users mailing list archive at Nabble.com.