[squid-users] Is there a way to allow connection according to user certificate?
Ser de Bronce
serdebronce at gmail.com
Thu May 5 13:06:22 UTC 2016
Dear Amos and Yuri, thanks a lot for your answers.
Sorry for the mess, I'm novice here.
As it turned out my proxy is not transparent...
By "some reasons" I meant clients' experience reasons, let me explain.
I use explicit proxy and my clients connect to proxy using iPhone only.
I installed self-signed certificate on every iPhone and made login/pass
It works perfect for wi-fi connection, because in this case iPhone gives a
possibility to specify proxy domain, port, login and password.
However to make them connect to proxy using mobile internet I had to
install APN profile on each iPhone. Inside APN profile I can specify domain
and port, but not login and pass (APN doesn't have such settings). So when
client opens browser using mobile internet he is asked for login/pass every
time. This situation is not appropriate for me so I can't use login/pass.
I'm thinking that maybe it's possible to replace login/pass authentication
with certificate authentication.
I want to authenticate users using a digital certificate they already have
on their iPhone.
I found some articles about certificate authentication for reverse proxy,
but can't find anything about explicit one.
Is it possible?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the squid-users