
Need help configuring squid 3.1.11 to pass Certs


Hi,

I am trying to build a squid box that will proxy requests to two sites
that require a PKI cert.  The client doesn't have a cert so I want the
squid box to take a request from the client and submit the certs it
has to retrieve the resource.

I was able to build squid 3.1.11 with ssl support and I have a very
basic squid configuration to test.  When I run squid -k parse I see
that squid sees the certs:

2011/02/24 17:23:19| Initializing cache_peer akocac SSL context
2011/02/24 17:23:19| Using certificate in /webroot/conf/squid/.ssl/server.crt
2011/02/24 17:23:19| Using private key in /webroot/conf/squid/.ssl/server.key
2011/02/24 17:23:19| NOTICE: Peer certificates are not verified for validity!
2011/02/24 17:23:19| Initializing cache_peer informationassurance SSL context
2011/02/24 17:23:19| Using certificate in /webroot/conf/squid/.ssl/server.crt
2011/02/24 17:23:19| Using private key in /webroot/conf/squid/.ssl/server.key
2011/02/24 17:23:19| NOTICE: Peer certificates are not verified for validity!

BUT when I run squid -Nd1 I don't see any information about using the
certs or private key!!!

When squid is running I have tried to

1.  Configure my web browser to use the squid proxy and retrieve a
resource but instead of the Squid certs being passed, I am requested
to use my certs loaded in my browser.

2.  Telnetting to the box and doing a GET request for the resource
  telnet localhost 3128
  Connected to linsrcheval2o.
  Escape character is '^]'.
  GET https://myProtectedSitel/pki/login/external_silent_autologin.jhtml
  HTTP/1.0 403 Forbidden

Both cases seem to indicate that squid is not using the PKI cert/key
it has.  Here is my configuration file:

cache_peer protectedSite1 parent 443 0 no-query ssl sslcert=/webroot/conf/squid/.ssl/server.crt sslkey=/webroot/conf/squid/.ssl/server.key sslcapath=/webroot/conf/squid/.ssl/ca/ sslversion=3 sslflags=DONT_VERIFY_PEER originserver proxy-only name=site1
cache_peer protectedSite2 sibling 443 0 no-query no-digest no-netdb-exchange ssl sslcert=/webroot/conf/squid/.ssl/server.crt sslkey=/webroot/conf/squid/.ssl/server.key sslcapath=/webroot/conf/squid/.ssl/ca/ sslversion=3 sslflags=DONT_VERIFY_PEER originserver proxy-only name=site2

Let me know if you need anything else and thanks for the help on this.


Jake Jacobson

http://www.google.com/profiles/jakecjacobson

Our greatest fear should not be of failure,
but of succeeding at something that doesn't really matter.
   -- ANONYMOUS
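
Added example, not part of the original post: a small Python check that parses the two cache_peer directives from the message and reports the TLS settings behind the "Peer certificates are not verified for validity!" notice. The function names are hypothetical, the sample is the post's configuration with one directive per line, and the reading of sslversion=3 as SSLv3-only follows the Squid 3.1 cache_peer documentation.

```python
import re

# Constructed sample: the cache_peer directives quoted in the post.
SAMPLE_CONF = """\
cache_peer protectedSite1 parent 443 0 no-query ssl sslcert=/webroot/conf/squid/.ssl/server.crt sslkey=/webroot/conf/squid/.ssl/server.key sslcapath=/webroot/conf/squid/.ssl/ca/ sslversion=3 sslflags=DONT_VERIFY_PEER originserver proxy-only name=site1
cache_peer protectedSite2 sibling 443 0 no-query no-digest no-netdb-exchange ssl sslcert=/webroot/conf/squid/.ssl/server.crt sslkey=/webroot/conf/squid/.ssl/server.key sslcapath=/webroot/conf/squid/.ssl/ca/ sslversion=3 sslflags=DONT_VERIFY_PEER originserver proxy-only name=site2
"""

def parse_cache_peers(conf_text):
    """Return one dict per cache_peer directive (one directive per line)."""
    peers = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 5 or fields[0] != "cache_peer":
            continue
        host, ptype, http_port, _icp_port, *opts = fields[1:]
        options = {}
        for opt in opts:
            key, _, value = opt.partition("=")
            options[key] = value  # bare flags such as "ssl" map to ""
        peers.append({"host": host, "type": ptype, "port": int(http_port),
                      "name": options.get("name", host), "options": options})
    return peers

def audit_peer(peer):
    """List the weak TLS settings on one peer; empty if none or not an ssl peer."""
    opts = peer["options"]
    if "ssl" not in opts:
        return []
    # Several sslflags values may be combined with ',' or ':'.
    flags = set(filter(None, re.split(r"[,:]", opts.get("sslflags", ""))))
    findings = []
    if "DONT_VERIFY_PEER" in flags:
        findings.append("peer certificate is not verified (sslflags=DONT_VERIFY_PEER)")
    # Assumption from the Squid 3.1 docs: sslversion=3 means "SSL v3 only".
    if opts.get("sslversion") == "3":
        findings.append("sslversion=3 pins the connection to SSLv3")
    return findings

def audit(conf_text):
    """Map each peer's name= label (or host) to its findings."""
    return {p["name"]: audit_peer(p) for p in parse_cache_peers(conf_text)}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONF).items():
        for finding in findings:
            print(f"{name}: {finding}")
```
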


