[squid-users] Mutual authentication managed by Squid

Ilya Karpov karpoftea at gmail.com
Fri Feb 20 09:34:51 UTC 2015


I’m not sure that using transparent sslbump squid will understand how to use client certificate for mutual authentication.
At least without transparent ssl bump it doesn’t.
Did you try to use trspr-sslbump for client auth? How does squid pick right client certificate for certain host?

Best regards,
Ilya Karpov
karpoftea at gmail.com


> 20 февр. 2015 г., в 12:24, Yuri Voinov <yvoinov at gmail.com> написал(а):
> 
> Transparent SSL Bump interception, eh?
> 
> 20.02.15 15:14, Ilya Karpov пишет:
>> Hi guys,
>> can anyone suggest solution to make following scenario work using squid:
>> 
>> step1. 
>> Client(actually server application) calls HTTP://example <http://example/>.org squid via proxy.
>>  |
>> V 
>> step2. 
>> Proxy(Squid) understands that all calls to HTTP://example.org <http://example.org/> should be changed to HTTPS://example.org <https://example.org/>, trusts CA that uses example.org <http://example.org/> and knows client certificate to use for https client authentication
>>  |
>> V 
>> step3.
>> Origin(some server in internet) accepts https request, authenticates client, returns response
>> 
>> The main aim is to make client know nothing about https complexity (storing certificates/keys, knowing specific algorithms etc), and make squid manage this things.
>> 
>> 
>> Best regards,
>> Ilya Karpov
>> karpoftea at gmail.com <mailto:karpoftea at gmail.com>
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
>> http://lists.squid-cache.org/listinfo/squid-users <http://lists.squid-cache.org/listinfo/squid-users>
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150220/b42254f3/attachment.html>


More information about the squid-users mailing list