[squid-users] Let Squid use SSL certificate for a parent cache peer
Amos Jeffries
squid3 at treenet.co.nz
Tue May 5 09:30:34 UTC 2020
On 5/05/20 9:04 pm, mariolatif741 wrote:
> Hello,
>
> I have a Squid proxy server (proxy A) and I redirect all its traffic to
> another proxy (proxy B) using a parent cache peer.
>
> However, proxy B requires a SSL certificate to be used so it can intercept
> the HTTPS requests and read them.
>
> I want to specify the path of the CA certificate to Squid in proxy A so my
> users can be redirected to proxy B without having to install the CA
> certificate.
>
> Is it possible?
If the client is participating in the TLS handshake it *always* requires
the CA to be installed.
To use TLS on the connection between proxyA and proxyB:
cache_peer proxyB parent 3128 0 tls-ca=/path/to/proxyB_CA.pem
Note that this is only to encrypt traffic between the proxies. When the
client is not involved.
To further improve security you should also use a client certificate for
proxyA and setup client cert validation between the proxies.
Amos
More information about the squid-users
mailing list