[squid-users] How to force squid to ask for client certificate during tls handshake on https_port?
Pavel Kazlenka
pavel.kazlenka at measurement-factory.com
Thu Jan 29 15:15:23 UTC 2015
Not really. There's no place in documentation where it is said which
directives trigger user certificate retrieval. This has sense and could
be assumed, but, e.g. acl user_cert doesn't trigger acquiring user
certificate though this directive works with user certificate too.
On 01/29/2015 01:27 PM, Yuri Voinov wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> .... Just read squid.conf.documented, is it? ;)
>
> 29.01.2015 16:26, Pavel Kazlenka пишет:
>> Answering my own question:
>>
>> Adding clientca= and cafile= options of https_port is enough to
> trigger client certificate request.
>> On 01/28/2015 03:44 PM, Pavel Kazlenka wrote:
>>> Hi gentlemen,
>>>
>>> I have https_port configured as the next:
>>> https_port 3128 cert=/home/tester/certificates/server.crt
> key=/home/tester/certificates/server.key
>>> and would like to force squid to retrieve client's certificate.
> According to
> http://www-01.ibm.com/support/knowledgecenter/api/content/nl/en-us/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10660a.gif
> , client certificate request is optional and looks like squid doesn't
> request the one by default.
>>> Squid version if 3.5.1.
>>>
>>> Is that possible at all and if so, how to do this?
>>>
>>> TIA,
>>> Pavel
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> http://lists.squid-cache.org/listinfo/squid-users
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBAgAGBQJUygr6AAoJENNXIZxhPexGFTQH/ilYlldxB3PI0aWTP4ngfTQM
> SOwo3J73tG5ohi7MMutua8PmhMj28kuGEDXtXj8TradpGeIRcLS8RM2L6yxWFA5C
> ac2T/WjuH0PLLUCYx7mWeFz7WV7lUpf1CmZIiXf5gNxNCrMDHZd+fXphVaAph15T
> QE7W606yKmSM3zGbki7s8GtaBVh9TXSbkzpivnZbvbuvVN8FZow7rUzg9YWqgy79
> wBRJy0GcJx39DsEEhB7KC56ov8nFNe2kMWL7V6E1HbH4bZNMToPM53YO/9S06M9z
> /5dd9z9QReSwLgFEXMH1+yBFCfrA2onozJFcVoXOfu6UiUZbOFrczugwejH81Cc=
> =UTXu
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list