[squid-users] squid reverse proxy and client certs

Alex Samad alex at samad.com.au
Wed Dec 30 04:11:29 UTC 2015


Hi

I have squid 3.5.12 working as a reverse proxy

cache_peer 127.0.0.1 \
 parent 443 0 proxy-only no-query no-digest originserver \
 login=PASS \
 ssl \
 sslcafile=/etc/pki/tls/certs/ca-bundle.crt \
 sslflags=DONT_VERIFY_PEER \
 name=webServer

This points to httpd which has a
        <Location /test/>
                DirectoryIndex index.shtml index.html
                Options -Indexes -Includes +IncludesNOEXEC
-SymLinksIfOwnerMatch -ExecCGI -FollowSymLinks

                SSLOptions +StdEnvVars +ExportCertData
                SSLVerifyClient optional_no_ca
                SSLVerifyDepth 4
        </Location>

Unfortunately the request for a client cert never makes it to the client.

How can I change this to allow client certs to work

Alex


More information about the squid-users mailing list