Hello,
I have a 2007 exchange server and I would like make it available from the
outside.
So I set up a reverse proxy with squid (version 3.0 STABLE19) and a self
signed certificate.
client --> squid --> Exchange OWA
https https
The access is working from the outside but I would like the client needs a
certificate to access to OWA.
If I don't have certificate on the client I have the warning message about
the identity of the certificate when I try to connect to OWA but I can
continue if I ignore the ssl error and finally the connection is done ... I
know the error is normal because it's a self signed certificate and the ca
is not in the trusted list but I would like the access is possible only if
I have the certificate on the client.
What can I do in "squid" to resolve this issue ?
Apparently some ACls exists like "user_cert" but I don't know if it's the
solution and I don't see examples about the syntax.
Below My config in Squid.
visible_hostname exchange_outside
debug_options ALL,1
extension_methods RPC_IN_DATA RPC_OUT_DATA
https_port 443 accel cert=/path/exchg.pem key=/path/exchg.pem \
defaultsite=exchange_outside vhost
cache_peer "ip_exchange" parent 4433 0 no-query originserver \
no-digest login=PASS ssl front-end-https=on sslcert=/chemin du
certificat/owa.pem sslkey=/path/owa.pem sslcafile=/path/ca.crt
name=exchange_hostname
acl all src 0.0.0.0/0.0.0.0
acl owa dstdomain exchange_outside
cache_peer_access exchange_outside allow exchg
never_direct allow exchg
http_access allow exchg
http_access deny all
miss_access allow exchg
miss_access deny all
access_log /var/log/squid3/access.log squid
exchange_outside is the name used to access to exchange from the outside.
Thanks for your help.
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/reverse-proxy-and-exchange-2007-tp3321349p3321349.html
Sent from the Squid - Users mailing list archive at Nabble.com.
