Re: [squid-users] Re: Configuring Squid to Proxy HTTPS

From: Martin \(Jake\) Jacobson <jakecjacobson_at_gmail.com>
Date: Thu, 3 Feb 2011 16:34:01 -0500

Amos,

Thank you for the help. I was able to get squid configured and
running but I am getting an "access denied" error from squid when
trying to connect. In the squid access logs I see something like
"TCP_DENIED/403 1539 CONNECT www.mydestination.com:443"

I didn't change any of the minimum acl or http_access lines in the
basic squid configuration. Can you point me in the correct direction
on this problem? Again, thanks for your help.

Jake Jacobson

http://www.google.com/profiles/jakecjacobson

Our greatest fear should not be of failure,
but of succeeding at something that doesn't really matter.
   -- ANONYMOUS

On Wed, Feb 2, 2011 at 10:04 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On Wed, 2 Feb 2011 11:15:31 -0500, "Martin \(Jake\) Jacobson" wrote:
>> Hi,
>>
>> I need to configure a proxy box that will proxy a site that requires a
>> PKI cert.  The site requires a chained cert and fails if the cert
>> presented is unchained.  We have a bot that is only presenting its
>> cert and not the complete chain so it fails the connection.
>
> Sounds like you need to figure out why a non-chained cert was loaded into
> the bot in the first place.
>
>>
>> I am wondering if we could have squid make the request for the
>> resource and instead of using the bot's cert, the squid client would
>> use the chained cert that I have loaded with squid?
>>
>> Jake Jacobson
>
> To use Squid certs you will need the bot to communicate over unsecured
> HTTP with Squid.
> Then you just configure a cache_peer line in Squid presenting the relevant
> cert to the website.
>
> Amos
>
Received on Thu Feb 03 2011 - 21:34:09 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 04 2011 - 12:00:01 MST