On 12/03/11 03:24, Tapio Niemi wrote:
Hi all, I'm new to squid and proxying in general, and I'm wondering if squid or any other proxy software by that matter is the right tool for the setup I need to do. Here's my situation. I have a HTTPS-only server on public internet, which requires client certificate authentication from all connections. (On apache terms, it's configured "SSLVerifyClient require"). Lets' call it server X. On a private, safe network (192.168.x.x style) I have hundreds of workstations that need to access server X. However, installing X.509 client certificates on all these workstations is a great administrative burden. So my intention is to put a reverse proxy server on the private network that accepts HTTP-connections from the private network, has a valid X.509 client certificate installed and uses this certificate to talk to server X using HTTPS on behalf of all the clients in the private address space. So, is this possible? And if so, I would be grateful to be pointed on some documentation where I can get started.
It is. This is what you need. Just replace "OWA" for "server X". http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.11 Beta testers wanted for 3.2.0.5
