sön 2010-05-02 klockan 13:43 +0200 skrev D.Veenker:
> My web client is not capable of SSL and definitely no client certificates.
>
> - Can Squid do all the SSL-work in a transparent way, including the
> client cerificates?
Yes.
> - How does the config look like?
Depends, but based on your later response it can be done two ways
a) Via a cache_peer for the site in question, using the ssl and
originserver options, and port 443 instead of 80. You can also specify
the client certificate here. In addition to cache_peer you also need to
specify never_direct for this site to force Squid to always use the
cache_peer.
b) By using an url rewriter helper to rewrite the request to https://
instead of http://. But gets a little messier to configure which client
certificate Squid should use here as there is only a global setting and
not per requested site like when using cache_peer.
> - Do a need to recompile Squid with --enalble-ssl?
Yes. Your Squid needs native SSL support to be able to wrap HTTP
requests in SSL. Tunnel mode is not sufficient for this.
Regards
Henrik
Received on Sun May 02 2010 - 20:43:19 MDT
This archive was generated by hypermail 2.2.0 : Tue May 04 2010 - 12:00:03 MDT