https_port ... ca=/path/to/your/ca.crt
should do it, but this is an area not extensively tested and you may
need to also verify the certificate data using an acl.
Regards
Henrik
On Friday 29 August 2003 00.51, laurent.derrien@gouv.nc wrote:
> Thank you for this information.
> Please could you tell me how to force use of client certificates ?
> I want squid to reject connections without client certificates
> authenticated by my CA certificate.
>
> Regards,
> Laurent Derrien
>
> Henrik Nordstrom <hno@squid-cache.org>
> 27/08/2003 19:07
>
> To: laurent.derrien@gouv.nc,
> squid-users@squid-cache.org cc:
> Subject: Re: [squid-users] user_cert in Squid 3.0 PRE3
>
>
> On Wednesday 27 August 2003 05.12, laurent.derrien@gouv.nc wrote:
> > The configuration is good without client certificate ACL.
> > But connections always fail when I activate the user_cert ACL. I
> > guess I don't use the right syntax.
> > The help in squid.conf is not detailed enough for me :
> > # acl aclname user_cert attribute values...
> > # # match against attributes in a user SSL certificate
> > # # attribute is one of DN/C/O/CN/L/ST
> > Could you help me with examples ?
> >
> > Here are the main lines of my squid.conf :
> >
> > https_port 443 defaultsite=192.168.x.x protocol=http
> > cert=rproxy.crt key=rproxy.key cafile=myca.crt
> > sslflags=DELAYED_AUTH
> > cache_peer 192.168.x.x parent 80 0 originserver
> > acl Cert_OK user_cert CN="Laurent Derrien"
> > http_access allow Cert_OK
> > http_access deny all
>
> Delayed/acl triggered SSL certificate negotiations is not yet
> implemented. For now the use of client certificates is all or none.
>
> Regards
> Henrik
Received on Thu Aug 28 2003 - 23:51:49 MDT
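
The two steps in the reply above (require a CA-verified client certificate at the handshake, then check the certificate data in an access rule), sketched outside Squid with Python's standard ssl module. This is an added example, not part of the original thread and not Squid code; the function names, the sample certificate, the exact-match rule and the one-line DN format are assumptions.

```python
import ssl

# Attribute names from the squid.conf help text quoted in the thread, mapped
# to the field names Python's ssl module uses in getpeercert().
ATTRS = {"C": "countryName", "O": "organizationName", "CN": "commonName",
         "L": "localityName", "ST": "stateOrProvinceName"}

def require_client_cert_context(cert, key, cafile):
    """Server context that fails the handshake unless the client presents
    a certificate chaining to cafile (the "all or none" behaviour)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=cert, keyfile=key)
    ctx.load_verify_locations(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED  # no certificate, no connection
    return ctx

def subject_fields(peercert):
    """Flatten getpeercert()['subject'] into (name, value) pairs."""
    return [pair for rdn in peercert.get("subject", ()) for pair in rdn]

def user_cert_match(peercert, attribute, values):
    """ACL-style check on an already verified certificate: does the given
    attribute equal one of the allowed values (exact, case-sensitive)?"""
    if not peercert:  # None or {} means nothing was verified
        return False
    fields = subject_fields(peercert)
    if attribute == "DN":
        # Assumed DN rendering: OpenSSL one-line style, /C=../O=../CN=..
        short = {v: k for k, v in ATTRS.items()}
        dn = "".join("/%s=%s" % (short.get(n, n), v) for n, v in fields)
        return dn in values
    wanted = ATTRS.get(attribute)
    if wanted is None:
        raise ValueError("unsupported attribute: %r" % attribute)
    return any(n == wanted and v in values for n, v in fields)

# Constructed sample in the shape SSLSocket.getpeercert() returns.
SAMPLE = {"subject": ((("countryName", "NC"),),
                      (("organizationName", "Example Org"),),
                      (("commonName", "Laurent Derrien"),))}

if __name__ == "__main__":
    print(user_cert_match(SAMPLE, "CN", {"Laurent Derrien"}))
    print(user_cert_match(SAMPLE, "CN", {"Someone Else"}))
```

The attribute check only means something after the handshake has verified the chain, which is why `user_cert_match` refuses an empty or missing certificate.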