On 22/05/11 06:09, Stephan HÃgel wrote:
Hello, Apologies in advance for the (presumably) repetitive question: I'd like to set up squid to provide an SSL cert required for access to a certain site on behalf of my users. I've converted the cert (it was provided in PFX format) to PEM format, and generated a key (though I'm not entirely sure that's necessary). I've installed squid 2.7.STABLE9 on Ubuntu 11.04, and configured http access for users on my subnet, and this is working correctly: http_port 3128 acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl localnet src 10.10.10.0/24 [snip] http_access allow localnet icp_access allow localnet But I haven't been able to find a HOWTO for transparently providing the required SSL cert on behalf of clients when they connect to the site which requires it. I assume I have to provide a https_port (443?) , and https_allow localnet, but I'm not sure about anything else. TIA
https_port is for reverse-proxy when the certificate is to be presented to the *client*.
From what you say, it seems clients are supposed to present a unique identifier certificate to the *server* and you want to forge from Squid?
Before we give you any config, which of those completely different setups do you actually want?
Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.7 and 3.1.12.1
