Re: [squid-users] Re: Configuring Squid to Proxy HTTPS

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 03 Feb 2011 03:04:14 +0000

On Wed, 2 Feb 2011 11:15:31 -0500, "Martin \(Jake\) Jacobson" wrote:
> Hi,
>
> I need to configure a proxy box that will proxy a site that requires a
> PKI cert.  The site requires a chained cert and fails if the cert
> presented is unchained.  We have a bot that is only presenting its
> cert and not the complete chain so it fails the connection.

Sounds like you need to figure out why a non-chained cert was loaded into
the bot in the first place.

>
> I am wondering if we could have squid make the request for the
> resource and instead of using the bot's cert, the squid client would
> use the chained cert that I have loaded with squid?
>
> Jake Jacobson

To use Squid certs you will need the bot to communicate over unsecured
HTTP with Squid.
Then you just configure a cache_peer line in Squid presenting the relevant
cert to the website.

Amos
Received on Thu Feb 03 2011 - 03:04:18 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 04 2011 - 12:00:01 MST