Re: Let Squid use SSL certificate for a parent cache peer


On 5/05/20 9:04 pm, mariolatif741 wrote:
> Hello,
> 
> I have a Squid proxy server (proxy A) and I redirect all its traffic to
> another proxy (proxy B) using a parent cache peer.
> 
> However, proxy B requires an SSL certificate to be used so it can intercept
> the HTTPS requests and read them.
> 
> I want to specify the path of the CA certificate to Squid in proxy A so my
> users can be redirected to proxy B without having to install the CA
> certificate.
> 
> Is it possible?

If the client is participating in the TLS handshake it *always* requires
the CA to be installed.


To use TLS on the connection between proxyA and proxyB:

  cache_peer proxyB parent 3128 0 tls-cafile=/path/to/proxyB_CA.pem

Note that this is only to encrypt traffic between the proxies, when the
client is not involved.


To further improve security you should also use a client certificate for
proxyA and set up client cert validation between the proxies.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
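
The client-certificate setup suggested in the reply above, sketched as an added example that is not part of the original message. It assumes the option names in the Squid 4 and later squid.conf documentation (tls-cafile=, sslcert=, sslkey= on cache_peer; tls-cert=, tls-key=, clientca= on https_port); every file path is a placeholder.

```conf
# ---- proxyA: squid.conf (placeholder paths) ----
# Connect to the parent over TLS.
#   tls-cafile=  CA that signed proxyB's server certificate; proxyA uses it
#                to verify it is really talking to proxyB.
#   sslcert= / sslkey=  proxyA's own client certificate and private key,
#                presented to proxyB during the TLS handshake.
cache_peer proxyB parent 3128 0 tls-cafile=/path/to/proxyB_CA.pem sslcert=/path/to/proxyA_client.pem sslkey=/path/to/proxyA_client.key

# ---- proxyB: squid.conf (placeholder paths) ----
# Accept TLS from proxyA on the peer port.
#   tls-cert= / tls-key=  proxyB's server certificate and private key,
#                issued by the CA that proxyA trusts via tls-cafile=.
#   clientca=    CA(s) used to request and verify a client certificate;
#                list only the CA that issued proxyA's client certificate.
https_port 3128 tls-cert=/path/to/proxyB_server.pem tls-key=/path/to/proxyB_server.key clientca=/path/to/proxyA_client_CA.pem
```

This protects only the proxyA-to-proxyB hop; it does not remove the need for browsers to trust the CA that proxyB uses when it intercepts HTTPS.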
