https_port ... ca=/path/to/your/ca.crt

should do it, but this is an area not extensively tested and you may 
need to also verify the certificate data using an acl.

Regards
Henrik



On Friday 29 August 2003 00.51, [EMAIL PROTECTED] wrote:
> Thank you for this information.
> Please could you tell me how to force use of client certificates ?
> I want squid to reject connections without client certificates
> authenticated by my CA certificate.
>
> Regards,
> Laurent Derrien
>
>
>
>
>
> Henrik Nordstrom <[EMAIL PROTECTED]>
> 27/08/2003 19:07
>
>
>         To:  [EMAIL PROTECTED],
> [EMAIL PROTECTED] cc :
>         Subject: Re: [squid-users] user_cert in Squid 3.0 PRE3
>
> On Wednesday 27 August 2003 05.12, [EMAIL PROTECTED] wrote:
> > The configuration is good without client certificate ACL.
> > But connections always fail when I activate the user_cert ACL. I
> > guess I don't use the right syntax.
> > The help in squid.conf is not detailed enough for me :
> > #       acl aclname user_cert attribute values...
> > #         # match against attributes in a user SSL certificate
> > #         # attribute is one of DN/C/O/CN/L/ST
> > Could you help me with examples ?
> >
> > Here are the main lines of my squid.conf :
> >
> > https_port 443 defaultsite=192.168.x.x protocol=http
> > cert=rproxy.crt key=rproxy.key cafile=myca.crt
> > sslflags=DELAYED_AUTH
> > cache_peer 192.168.x.x       parent    80 0 originserver
> > acl Cert_OK user_cert CN="Laurent Derrien"
> > http_access allow Cert_OK
> > http_access deny all
>
> Delayed/acl triggered SSL certificate negotiations is not yet
> implemented. For now the use of client certificates is all or none.
>
> Regards
> Henrik
