On Wed, Dec 15, 2010 at 7:01 PM, Karoly Negyesi <[email protected]> wrote: > Hi, > > I am trying to set up Squid to use SSL user certifications for auth. > My attempt is http://paste.pocoo.org/show/305243/ here but the > > acl clientcert user_cert O Organization name > http_access allow clientcert > > rule seemingly does not kick in. I get The request CONNECT > www.example.com:443 is DENIED, because it matched 'all'
While I'm not an SSL expert, I guess the rule doesn't kick in because your squid is not really using encryption. It's doing plain HTTP tunneling, it never sees the cert really. I guess that the documentation may be clearer and specify that this is really only useful for reverse-proxy scenarios. It is not a limitation by squid, but it is a limitation of all known browsers. -- /kinkie
