On 22 May 2011 04:01, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 22/05/11 06:09, Stephan HÃgel wrote:
>>
>> Hello,
>> Apologies in advance for the (presumably) repetitive question:
>> I'd like to set up squid to provide an SSL cert required for access to
>> a certain site on behalf of my users. I've converted the cert (it was
>> provided in PFX format) to PEM format, and generated a key (though I'm
>> not entirely sure that's necessary).
>> I've installed squid 2.7.STABLE9 on Ubuntu 11.04, and configured http
>> access for users on my subnet, and this is working correctly:
>>
>> http_port 3128
>> acl all src all
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32
>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
>> acl localnet src 10.10.10.0/24
>> [snip]
>> http_access allow localnet
>> icp_access allow localnet
>>
>> But I haven't been able to find a HOWTO for transparently providing
>> the required SSL cert on behalf of clients when they connect to the
>> site which requires it.
>> I assume I have to provide a https_port (443?), and https_allow
>> localnet, but I'm not sure about anything else.
>>
>> TIA
>
> https_port is for reverse-proxy when the certificate is to be presented to
> the *client*.
>
> From what you say, it seems clients are supposed to present a unique
> identifier certificate to the *server* and you want to forge from Squid?
>
>
> Before we give you any config, which of those completely different setups do
> you actually want?
>
> Amos
> --
> Please be using
>   Current Stable Squid 2.7.STABLE9 or 3.1.12
>   Beta testers wanted for 3.2.0.7 and 3.1.12.1
>

Amos,
The latter; I'd like Squid to present the cert on behalf of the clients.

--
steph