[squid-users] Access SSL-Host via Forward Proxy and Client-Certificates

From: Zrinka Maslic <zrinka.maslic@dont-contact.us>
Date: Mon, 18 Jul 2005 18:53:19 +0200

Hi all,

I wonder how to make this possible:

We have users who are required to connect to a customer's web server via the customer's forward proxy and using client certificates.
Because we want to get rid of handling the client certificates on the user side, I would like to use an intermediate proxy that acts as a client for the customer.

I thought of something like this:

1. Client-Browser connects to his local forward proxy, which is a Squid 2.5 (without using certificates or SSL)
2. The local forward Squid sends all traffic to a local Reverse Squid 2.5 w/SSLpatch (without using certificates or SSL)
3. The reverse Squid would then connect to the customer's web server via SSL and using client certificates.

I have set this up in a lab and it works very well. It completely solves my concerns of having to fiddle around on the existing systems (clients, DNS and local forward proxy).

The thing where I "hang" is this:
I don't know how to make my reverse Squid connect to the customer's web server using the customer's forward proxy...

I have played around with cache_peer and sslproxy_whatever directives but never managed to establish a working connection.

Can anyone point me in the right direction with this? It would also help to know if this is possible at all - after several hours of testing I have started to have severe doubts about my idea...


Any ideas are very welcome :)

Regards,
Zrinka
Received on Mon Jul 18 2005 - 10:53:21 MDT
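
What the hop in step 3 has to do on the wire when the customer's forward proxy sits in between, as an added example that is not part of the original post and is not Squid code: the gateway asks the proxy for a tunnel with HTTP CONNECT, then runs TLS with the client certificate through that tunnel, so the certificate is presented to the web server and not to the proxy. It assumes the customer's proxy permits CONNECT to port 443; the function names, host names and certificate paths are placeholders.

```python
import socket
import ssl

def open_connect_tunnel(proxy_addr, target_host, target_port=443, timeout=10):
    """Ask a forward proxy for a raw TCP tunnel to target_host:target_port."""
    if any(c in target_host for c in "\r\n \t"):
        raise ValueError("illegal character in target host")  # no header injection
    authority = f"{target_host}:{target_port}"
    sock = socket.create_connection(proxy_addr, timeout=timeout)
    try:
        sock.sendall(f"CONNECT {authority} HTTP/1.1\r\nHost: {authority}\r\n\r\n".encode("ascii"))
        # Read the proxy's reply headers one byte at a time so that nothing
        # belonging to the tunnel (the TLS handshake) is consumed here.
        head = b""
        while not head.endswith(b"\r\n\r\n"):
            chunk = sock.recv(1)
            if not chunk or len(head) > 8192:
                raise ConnectionError("proxy closed or sent oversized CONNECT reply")
            head += chunk
        status_line = head.split(b"\r\n", 1)[0].decode("latin-1")
        parts = status_line.split(None, 2)
        if len(parts) < 2 or parts[1] != "200":
            raise ConnectionError(f"proxy refused CONNECT: {status_line}")
        return sock
    except Exception:
        sock.close()
        raise

def tls_with_client_cert(tunnel, server_name, certfile, keyfile, cafile=None):
    """Run TLS end to end with the web server, presenting the client certificate."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies server chain and host name
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx.wrap_socket(tunnel, server_hostname=server_name)

def fetch_via_proxy(proxy_addr, host, path, certfile, keyfile, cafile=None):
    """Tunnel through the proxy, authenticate with the client cert, GET one path."""
    tunnel = open_connect_tunnel(proxy_addr, host)
    with tls_with_client_cert(tunnel, host, certfile, keyfile, cafile) as tls:
        tls.sendall(f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode("ascii"))
        return b"".join(iter(lambda: tls.recv(4096), b""))
```

With this design the private key lives only on the intermediate host, so that host's file permissions and access logs become the control point for who can act as the client toward the customer.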
