On Wed, 2 Feb 2011 11:15:31 -0500, "Martin \(Jake\) Jacobson" wrote: > Hi, > > I need to configure a proxy box that will proxy a site that requires a > PKI cert. The site requires a chained cert and fails if the cert > presented is unchained. We have a bot that is only presenting its > cert and not the complete chain so it fails the connection.
Sounds like you need to figure out why a non-chained cert was loaded into the bot in the first place. > > I am wondering if we could have squid make the request for the > resource and instead of using the bot's cert, the squid client would > use the chained cert that I have loaded with squid? > > Jake Jacobson To use Squid certs you will need the bot to communicate over unsecured HTTP with Squid. Then you just configure a cache_peer line in Squid presenting the relevant cert to the website. Amos
