<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif"><div class="gmail_default"><span class="gmail-im" style="color:rgb(80,0,80)"><div class="gmail_default">We have setup squid proxy for outbound connection from one our SAP servers to few services on internet.</div><div class="gmail_default">While basic auth (username and password) works perfectly with this setup, we are struggling to get it working with cert based authentication.</div><div class="gmail_default"><br></div></span><div class="gmail_default">Certs are in p12 format.</div><span class="gmail-im" style="color:rgb(80,0,80)"><div class="gmail_default"><br></div><div class="gmail_default"> This is what our squid config looks like</div><div class="gmail_default"> </div><div class="gmail_default"><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(251,30,255)"><span style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">acl</span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)"> sap </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">src</span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)"> </span><span style="font-variant-ligatures:no-common-ligatures">0.0.0.0</span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)">/</span><span style="font-variant-ligatures:no-common-ligatures">0</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">acl</span><span style="font-variant-ligatures:no-common-ligatures"> whitelist </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">dstdomain</span><span style="font-variant-ligatures:no-common-ligatures"> "/etc/squid/sites.whitelist.txt"</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">acl</span><span style="font-variant-ligatures:no-common-ligatures"> safeports </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">port</span><span style="font-variant-ligatures:no-common-ligatures"> </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)">443</span><span style="font-variant-ligatures:no-common-ligatures"> </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(50,244,241)"># https</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">acl</span><span style="font-variant-ligatures:no-common-ligatures"> safeports </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">port</span><span style="font-variant-ligatures:no-common-ligatures"> </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)">80</span><span style="font-variant-ligatures:no-common-ligatures"> </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(50,244,241)"># http</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">acl</span><span style="font-variant-ligatures:no-common-ligatures"> CONNECT </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">method</span><span style="font-variant-ligatures:no-common-ligatures"> CONNECT</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">http_access</span><span style="font-variant-ligatures:no-common-ligatures"> </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)">allow</span><span style="font-variant-ligatures:no-common-ligatures"> safeports sap whitelist</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">http_access</span><span style="font-variant-ligatures:no-common-ligatures"> </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)">deny</span><span style="font-variant-ligatures:no-common-ligatures"> !safeports</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">http_access</span><span style="font-variant-ligatures:no-common-ligatures"> </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)">deny</span><span style="font-variant-ligatures:no-common-ligatures"> CONNECT !safeports</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(235,239,24)"><span style="font-variant-ligatures:no-common-ligatures">http_access</span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)"> </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)">deny</span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)"> </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)">all</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(235,239,24)"><span style="font-variant-ligatures:no-common-ligatures">http_port</span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)"> </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)">3128</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(235,239,24)"><span style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)"><br></span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(235,239,24)"><span style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)"><br></span></p></div><div style="font-family:Arial,Helvetica,sans-serif"><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div style="padding-top:10px;margin-top:10px"><span style="font-family:sans-serif;line-height:1.5em;color:rgb(85,85,85);border-width:2px 0px 0px;border-style:solid;border-color:rgb(213,15,37);padding-top:2px;margin-top:2px"><div class="gmail_default" style="font-family:verdana,sans-serif"> Any pointers are highly appreciated.</div></span></div></div></div></div></div></div></span></div><div style="font-family:Arial,Helvetica,sans-serif"><div class="gmail-adm" style="margin:5px 0px"><div id="gmail-q_1141" class="gmail-ajR gmail-h4" style="background-color:rgb(232,234,237);border:none;clear:both;line-height:6px;outline:none;width:24px;color:rgb(80,0,80);font-size:11px;border-radius:5.5px"><br class="gmail-Apple-interchange-newline"></div></div></div></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div style="padding-top:10px;margin-top:10px"><span style="font-family:sans-serif;line-height:1.5em;color:rgb(85,85,85);border-top-width:2px;border-right-width:0px;border-bottom-width:0px;border-left-width:0px;border-top-style:solid;border-right-style:solid;border-bottom-style:solid;border-left-style:solid;border-top-color:rgb(213,15,37);border-right-color:rgb(213,15,37);border-bottom-color:rgb(213,15,37);border-left-color:rgb(213,15,37);padding-top:2px;margin-top:2px"><br></span></div><div style="padding-top:10px;margin-top:10px"><span style="font-family:sans-serif;line-height:1.5em;color:rgb(85,85,85);border-top-width:2px;border-right-width:0px;border-bottom-width:0px;border-left-width:0px;border-top-style:solid;border-right-style:solid;border-bottom-style:solid;border-left-style:solid;border-top-color:rgb(213,15,37);border-right-color:rgb(213,15,37);border-bottom-color:rgb(213,15,37);border-left-color:rgb(213,15,37);padding-top:2px;margin-top:2px"><br></span></div><div style="padding-top:10px;margin-top:10px"><span style="font-family:sans-serif;line-height:1.5em;color:rgb(85,85,85);border-top-width:2px;border-right-width:0px;border-bottom-width:0px;border-left-width:0px;border-top-style:solid;border-right-style:solid;border-bottom-style:solid;border-left-style:solid;border-top-color:rgb(213,15,37);border-right-color:rgb(213,15,37);border-bottom-color:rgb(213,15,37);border-left-color:rgb(213,15,37);padding-top:2px;margin-top:2px">Zaheer Shaikh |</span><font color="#555555" face="sans-serif"><span style="line-height:19px"> Corp Eng SRE, </span></font><span style="font-family:sans-serif;line-height:1.5em;border-top-width:2px;border-right-width:0px;border-bottom-width:0px;border-left-width:0px;border-top-style:solid;border-right-style:solid;border-bottom-style:solid;border-left-style:solid;border-top-color:rgb(51,105,232);border-right-color:rgb(51,105,232);border-bottom-color:rgb(51,105,232);border-left-color:rgb(51,105,232);padding-top:2px;margin-top:2px"><span style="background-color:rgb(255,255,255)"><font color="#3333ff">G</font></span></span><span style="font-family:sans-serif;line-height:1.5em;color:rgb(255,0,0);background-color:rgb(255,255,255)">o</span><span style="font-family:sans-serif;line-height:1.5em;border-top-width:2px;border-right-width:0px;border-bottom-width:0px;border-left-width:0px;border-top-style:solid;border-right-style:solid;border-bottom-style:solid;border-left-style:solid;border-top-color:rgb(51,105,232);border-right-color:rgb(51,105,232);border-bottom-color:rgb(51,105,232);border-left-color:rgb(51,105,232);padding-top:2px;margin-top:2px"><font color="#33cc00">o</font><font color="#3333ff">g</font><font color="#ff0000">l</font><font color="#ffcc00">e</font><font color="#555555">   |</font></span><span style="font-family:sans-serif;line-height:1.5em;color:rgb(85,85,85);border-top-width:2px;border-right-width:0px;border-bottom-width:0px;border-left-width:0px;border-top-style:solid;border-right-style:solid;border-bottom-style:solid;border-left-style:solid;border-top-color:rgb(0,153,57);border-right-color:rgb(0,153,57);border-bottom-color:rgb(0,153,57);border-left-color:rgb(0,153,57);padding-top:2px;margin-top:2px"> <a href="mailto:zaheer@google.com" target="_blank">zaheer@google.com</a> |</span><span style="font-family:sans-serif;line-height:1.5em;color:rgb(85,85,85);border-top-width:2px;border-right-width:0px;border-bottom-width:0px;border-left-width:0px;border-top-style:solid;border-right-style:solid;border-bottom-style:solid;border-left-style:solid;border-top-color:rgb(238,178,17);border-right-color:rgb(238,178,17);border-bottom-color:rgb(238,178,17);border-left-color:rgb(238,178,17);padding-top:2px;margin-top:2px"> </span></div><font face="Times" size="3"><br></font></div></div></div></div></div></div>