[squid-users] How to force squid to ask for client certificate during tls handshake on https_port?

Yuri Voinov yvoinov at gmail.com
Thu Jan 29 10:27:06 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
.... Just read squid.conf.documented, is it? ;)

29.01.2015 16:26, Pavel Kazlenka пишет:
> Answering my own question:
>
> Adding clientca= and cafile= options of https_port is enough to
trigger client certificate request.
>
> On 01/28/2015 03:44 PM, Pavel Kazlenka wrote:
>> Hi gentlemen,
>>
>> I have https_port configured as the next:
>> https_port 3128 cert=/home/tester/certificates/server.crt
key=/home/tester/certificates/server.key
>>
>> and would like to force squid to retrieve client's certificate.
According to
http://www-01.ibm.com/support/knowledgecenter/api/content/nl/en-us/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10660a.gif
, client certificate request is optional and looks like squid doesn't
request the one by default.
>> Squid version if 3.5.1.
>>
>> Is that possible at all and if so, how to do this?
>>
>> TIA,
>> Pavel
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUygr6AAoJENNXIZxhPexGFTQH/ilYlldxB3PI0aWTP4ngfTQM
SOwo3J73tG5ohi7MMutua8PmhMj28kuGEDXtXj8TradpGeIRcLS8RM2L6yxWFA5C
ac2T/WjuH0PLLUCYx7mWeFz7WV7lUpf1CmZIiXf5gNxNCrMDHZd+fXphVaAph15T
QE7W606yKmSM3zGbki7s8GtaBVh9TXSbkzpivnZbvbuvVN8FZow7rUzg9YWqgy79
wBRJy0GcJx39DsEEhB7KC56ov8nFNe2kMWL7V6E1HbH4bZNMToPM53YO/9S06M9z
/5dd9z9QReSwLgFEXMH1+yBFCfrA2onozJFcVoXOfu6UiUZbOFrczugwejH81Cc=
=UTXu
-----END PGP SIGNATURE-----



More information about the squid-users mailing list