Re: Mutual authentication managed by Squid

Ilya Karpov <karpoftea@xxxxxxxxx> · Fri, 20 Feb 2015 12:34:51 +0300

I’m not sure that using transparent sslbump squid will understand how to use client certificate for mutual authentication.
At least without transparent ssl bump it doesn’t.
Did you try to use trspr-sslbump for client auth? How does squid pick right client certificate for certain host?

Best regards,
Ilya Karpov
karpoftea@xxxxxxxxx

20 февр. 2015 г., в 12:24, Yuri Voinov <yvoinov@xxxxxxxxx> написал(а):

    Transparent SSL Bump interception, eh?

    20.02.15 15:14, Ilya Karpov пишет:

      Hi guys,
      can anyone suggest solution to make following
        scenario work using squid:

      step1. 
      Client(actually server application) calls HTTP://example.org
        squid via proxy.
       |
      V 
      step2. 
      Proxy(Squid) understands that all calls to HTTP://example.org should
        be changed to HTTPS://example.org,
        trusts CA that uses example.org and knows
        client certificate to use for https client authentication

         |
        V 

      step3.
      Origin(some server in internet) accepts https
        request, authenticates client, returns response

      The main aim is to make client know nothing about
        https complexity (storing certificates/keys, knowing specific
        algorithms etc), and make squid manage this things.

          Best regards,
          Ilya Karpov
          karpoftea@xxxxxxxxx

      _______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users