Search squid archive

Re: Squid Upstream Configuration Query

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/20/22 04:49, Honey Bajaj wrote:

as a part of Enterprise security and consolidation, we are asked to onboard a commercial SaaS based proxy solution. This solution requires a SSL certificate to be embedded in every application which a commercial vendor has shared with us. To simplify this process, we are evaluating if Squid can play following role:

Application (no ssl configuration) --> Squid (Upstream configuration hosting SaaS client certificate) --> SaaS Proxy --> ExternalURL

kindly suggest if this can be achieved.

Yes, if SaaS Proxy is an HTTPS proxy, then Squid can be configured to authenticate itself using a configured client certificate while talking TLS to that SaaS proxy. Here is a (somewhat redundant by explicit) configuration sketch to get you started:

    cache_peer ... parent tls sslcert=squid.pem ...
    nonhierarchical_direct off
    never_direct allow all
    always_direct deny all

The "tls" option is spelled "ssl" in earlier Squids IIRC.

See squid.conf.documented for details.


HTH,

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux