On 10/19/2018 01:10 AM, houheming wrote: > Configure squid to be a https tproxy proxy Terminology clarification: You are configuring an transparent proxy for intercepting TLS/HTTPS traffic, not an (explicit) HTTPS proxy. > configure squid to send the client browser certificates which signed by X This phrase can be (mis)interpreted many ways: 1. Configure Squid to automatically generate origin server certificates (signed by a configured CA X) and send them to browsers/clients that go to those origin servers. 2. Configure Squid to use a configured client certificate (signed by some CA X) and send it to origin servers that request client certificates. Does any of the above match what you want to do? > https_port 443 ... > https_port 180.97.33.107:443 ... > https_port 180.97.33.108:443 ... I am not sure, but perhaps the first https_port line (the one without an explicit IP address) should come _last_ so that Squid can listen on the addresses that remain after 180.97.33.107 and 180.97.33.108 are taken by the other two ports? Also, if your Squid, when started without "-k parse", reports any warnings or errors, please share them. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
