Hello,

I am using squid 3.0 PRE3 as a reverse proxy to secure connections:
client <--- HTTPS ---> SQUID <--- HTTP ---> Web Server

I want to accept connections depending on client certificate validation.
The client certificate is signed by my own CA and the CA certificate is 
distributed as necessary.

The configuration is good without client certificate ACL.
But connections always fail when I activate the user_cert ACL. I guess I 
don't use the right syntax.
The help in squid.conf is not detailed enough for me:
#       acl aclname user_cert attribute values...
#         # match against attributes in a user SSL certificate
#         # attribute is one of DN/C/O/CN/L/ST
Could you help me with examples?

Here are the main lines of my squid.conf:

https_port 443 defaultsite=192.168.x.x protocol=http cert=rproxy.crt key=rproxy.key cafile=myca.crt sslflags=DELAYED_AUTH
cache_peer 192.168.x.x       parent    80 0 originserver
acl Cert_OK user_cert CN="Laurent Derrien"
http_access allow Cert_OK
http_access deny all

Regards,
Laurent Derrien
