subject:"\[squid\-users\] Using client certificate for all connection"

Re: [squid-users] Using client certificate for all connection

2017-04-07 Thread Juande

Hi Amos, thanks for answering.

Im using Squid 3.5.12

I tried using the line:

sslproxy_client_certificate  /home/ubuntu/Documents/cert.pem

The pem was generated from .pfx using, 

openssl pkcs12 -in cert.pfx -out cert.pem -nodes

So it should contain the private key.

But my server still asking me for the certificate.^

Any ideas?



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Using-client-certificate-for-all-connection-tp4681942p4682016.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Using client certificate for all connection

2017-04-03 Thread Amos Jeffries

On 4/04/2017 3:06 a.m., Matus UHLAR - fantomas wrote:
>>> IE I want the only the users which their certificates are in a file
>>> will be able to use the proxy?
>>> The other side is that squid as a client will posses and use a client
>>> side certificate.
>>> Which of the above is possible on latest stable(3.5)?
> 
> On 04.04.17 03:03, Amos Jeffries wrote:
>> Same things that have been possible since about Squid-2.1 or whenever
>> SSL support was added.
> 
> iirs this was not supported by browsers, does any support ssl-proxy
> connections?

You recall correct - for explicit/forward proxy Chrome and Firefox have
limited support when PAC is used, or some advanced hacks like command
line options. But generally browsers are refusing to talk to proxies
securely. Squid supports it already though.

Reverse-proxy, non-browser traffic, cache_peer and Squid->server
connections are where it really comes in handy.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Using client certificate for all connection

2017-04-03 Thread Alex Rousskov

On 04/03/2017 09:06 AM, Matus UHLAR - fantomas wrote:
> iirs this was not supported by browsers, does any support ssl-proxy
> connections?

Yes, IIRC, FireFox and Chrome (at least) support SSL connections to
proxies, but configuration of that feature is "hidden". You should be
able to find several emails discussing details on this and IETF HTTP WG
mailing lists.

There are other, specialized browser-like clients/kiosks/etc. that
support SSL connections to proxies. FWIW, the latest Curl also supports
it (Factory implemented that Curl feature) so you can test
the functionality from the command line.

HTH,

Alex.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Using client certificate for all connection

2017-04-03 Thread Matus UHLAR - fantomas


IE I want the only the users which their certificates are in a file will be 
able to use the proxy?
The other side is that squid as a client will posses and use a client side 
certificate.
Which of the above is possible on latest stable(3.5)?


On 04.04.17 03:03, Amos Jeffries wrote:

Same things that have been possible since about Squid-2.1 or whenever
SSL support was added.


iirs this was not supported by browsers, does any support ssl-proxy
connections?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Using client certificate for all connection

2017-04-03 Thread Amos Jeffries

On 2/04/2017 8:59 p.m., Eliezer Croitoru wrote:
> For Incoming and outgoing  connections?

Yes.

> IE I want the only the users which their certificates are in a file will be 
> able to use the proxy?
> The other side is that squid as a client will posses and use a client side 
> certificate.
> Which of the above is possible on latest stable(3.5)?

Same things that have been possible since about Squid-2.1 or whenever
SSL support was added.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Using client certificate for all connection

2017-04-02 Thread Eliezer Croitoru

For Incoming and outgoing  connections?
IE I want the only the users which their certificates are in a file will be 
able to use the proxy?
The other side is that squid as a client will posses and use a client side 
certificate.
Which of the above is possible on latest stable(3.5)?

Thanks,
Eliezer

Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il

-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Amos Jeffries
Sent: Sunday, April 2, 2017 10:48 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Using client certificate for all connection

On 31/03/2017 2:55 p.m., Eliezer  Croitoru wrote:
> As far my understanding goes squid doesn't have this function yet.
> Maybe if you will put haproxy(not sure) infront of squid you might be able to 
> achieve your goal.
> 

It depends on exactly what is wanted as to how they are configured. But
Squid does have support for client certificates on all TLS connections.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Using client certificate for all connection

2017-04-02 Thread Amos Jeffries

On 31/03/2017 9:39 p.m., Juande wrote:
> Half and half. I need a way to client certificate authorize the requests from
> my analyzer software that does not support certificate authentication, but
> does support using a proxy. 
> 
> So I need that squid provides the certificate for all requests to all
> servers. We have testing certificates that work in many servers, so I can
> use the same certificate to authenticate in all of them.

For Squid-3 releases use:
 
 

For Squid-4 and later those have become the cert= and key= options for:
 


Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Using client certificate for all connection

2017-04-02 Thread Amos Jeffries

On 31/03/2017 2:55 p.m., Eliezer  Croitoru wrote:
> As far my understanding goes squid doesn't have this function yet.
> Maybe if you will put haproxy(not sure) infront of squid you might be able to 
> achieve your goal.
> 

It depends on exactly what is wanted as to how they are configured. But
Squid does have support for client certificates on all TLS connections.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Using client certificate for all connection

2017-03-31 Thread Juande

Half and half. I need a way to client certificate authorize the requests from
my analyzer software that does not support certificate authentication, but
does support using a proxy. 

So I need that squid provides the certificate for all requests to all
servers. We have testing certificates that work in many servers, so I can
use the same certificate to authenticate in all of them.

Im already doing that with Owasp ZAP proxy, but I need a command line only
proxy to keep it running on my testing machine, and I thought that a
versatile proxy like squid would have this option.



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Using-client-certificate-for-all-connection-tp4681942p4681951.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Using client certificate for all connection

2017-03-30 Thread Eliezer Croitoru

As far my understanding goes squid doesn't have this function yet.
Maybe if you will put haproxy(not sure) infront of squid you might be able to 
achieve your goal.

Eliezer


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il



-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Juande
Sent: Thursday, March 30, 2017 7:55 PM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Using client certificate for all connection

Hi

I want to configure squid so every request through the proxy get client 
certificate authenticated.

I need some automatic software audit tools to access to a server that uses 
client certificates to access to its contents.

Any suggestions?

BR
Juan



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Using-client-certificate-for-all-connection-tp4681942.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Using client certificate for all connection

2017-03-30 Thread Antony Stone

On Thursday 30 March 2017 at 18:55:09, Juande wrote:

> Hi
> 
> I want to configure squid so every request through the proxy get client
> certificate authenticated.
> 
> I need some automatic software audit tools to access to a server that uses
> client certificates to access to its contents.

Are you saying that you want all client requests, to any server, to be 
authenticated by Squid (or a helper) for the client certificate?

Or are you saying that all requests to a specific server are required to be 
authenticated by client certificate, and Squid is supposed to supply this 
certificate (because the client itself cannot)?

Antony.

-- 
"The tofu battle I saw last weekend was quite brutal."

 - Marija Danute Brigita Kuncaitis

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Using client certificate for all connection

2017-03-30 Thread Juande

Hi

I want to configure squid so every request through the proxy get client
certificate authenticated.

I need some automatic software audit tools to access to a server that uses
client certificates to access to its contents.

Any suggestions?

BR
Juan



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Using-client-certificate-for-all-connection-tp4681942.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Using client certificate for all connection

Re: [squid-users] Using client certificate for all connection

Re: [squid-users] Using client certificate for all connection

Re: [squid-users] Using client certificate for all connection

Re: [squid-users] Using client certificate for all connection

Re: [squid-users] Using client certificate for all connection

Re: [squid-users] Using client certificate for all connection

Re: [squid-users] Using client certificate for all connection

Re: [squid-users] Using client certificate for all connection

Re: [squid-users] Using client certificate for all connection

Re: [squid-users] Using client certificate for all connection

[squid-users] Using client certificate for all connection

12 matches

Site Navigation

Mail list logo

Footer information