[squid-users] Is there a way to allow connection according to user certificate?

Ser de Bronce serdebronce at gmail.com
Thu May 5 13:06:22 UTC 2016


Dear Amos and Yuri, thanks a lot for your answers.

Sorry for the mess, I'm novice here.
As it turned out my proxy is not transparent...

By "some reasons" I meant clients' experience reasons, let me explain.

I use explicit proxy and my clients connect to proxy using iPhone only.
I installed self-signed certificate on every iPhone and made login/pass
authentication.
It works perfect for wi-fi connection, because in this case iPhone gives a
possibility to specify proxy domain, port, login and password.
However to make them connect to proxy using mobile internet I had to
install APN profile on each iPhone. Inside APN profile I can specify domain
and port, but not login and pass (APN doesn't have such settings). So when
client opens browser using mobile internet he is asked for login/pass every
time. This situation is not appropriate for me so I can't use login/pass.

I'm thinking that maybe it's possible to replace login/pass authentication
with certificate authentication.
I want to authenticate users using a digital certificate they already have
on their iPhone.

I found some articles about certificate authentication for reverse proxy,
but can't find anything about explicit one.
Is it possible?

Best Regards,
Sergey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160505/cffc1dc6/attachment.html>


More information about the squid-users mailing list