On 22/05/11 06:09, Stephan Hügel wrote:
Hello,
Apologies in advance for the (presumably) repetitive question:
I'd like to set up squid to provide an SSL cert required for access to
a certain site on behalf of my users. I've converted the cert (it was
provided in PFX format) to PEM format, and generated a key (though I'm
not entirely sure that's necessary).
I've installed squid 2.7.STABLE9 on Ubuntu 11.04, and configured http
access for users on my subnet, and this is working correctly:
http_port 3128
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.10.10.0/24
[snip]
http_access allow localnet
icp_access allow localnet
But I haven't been able to find a HOWTO for transparently providing
the required SSL cert on behalf of clients when they connect to the
site which requires it.
I assume I have to provide a https_port (443?) , and https_allow
localnet, but I'm not sure about anything else.
TIA
https_port is for reverse-proxy when the certificate is to be presented
to the *client*.
From what you say, it seems clients are supposed to present a unique
identifier certificate to the *server* and you want to forge from Squid?
Before we give you any config, which of those completely different
setups do you actually want?
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.7 and 3.1.12.1
