[squid-users] squid reverse proxy and client certs

Alex Samad alex at samad.com.au
Wed Dec 30 04:11:29 UTC 2015


I have squid 3.5.12 working as a reverse proxy

cache_peer \
 parent 443 0 proxy-only no-query no-digest originserver \
 login=PASS \
 ssl \
 sslcafile=/etc/pki/tls/certs/ca-bundle.crt \
 sslflags=DONT_VERIFY_PEER \

This points to httpd which has a
        <Location /test/>
                DirectoryIndex index.shtml index.html
                Options -Indexes -Includes +IncludesNOEXEC
-SymLinksIfOwnerMatch -ExecCGI -FollowSymLinks

                SSLOptions +StdEnvVars +ExportCertData
                SSLVerifyClient optional_no_ca
                SSLVerifyDepth 4

Unfortunately the request for a client cert never makes it to the client.

How can I change this to allow client certs to work


More information about the squid-users mailing list