Hi all,
I wonder how to make this possible:
We have users who are required to connect to a customer's web server via the customer's forward proxy and using client certificates.
Because we want to get rid of handling the client certificates on the user side I would like to use an intermediate proxy that acts as a client for the customer.
I thought of something like this:
1. Client-Browser connects to his local forward proxy, which is a Squid 2.5 (without using certificates or SSL)
2. The local forward Squid sends all traffic to a local Reverse Squid 2.5 w/SSLpatch (without using certificates or SSL)
3. The reverse Squid would then connect to the customer's web server via SSL and using client certificates.
I have set this up in a lab and it works very fine. It completely solves my concerns of having to fiddle around on the existing systems (clients, DNS and local forward proxy).
The thing where I "hang" is this:
I don't know how to make my reverse Squid connect to the customer's web server using the customer's forward proxy...
I have played around with cache_peer and sslproxy_whatever directives but did never manage to establish a working connection.
Can anyone point me into the right direction with this? It would also help to know, if this is possible at all - after several hours of testing I have started to have severe doubts about my idea...
Any ideas are very welcome :)
Regards,
Zrinka
Received on Mon Jul 18 2005 - 10:53:21 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT