I’m not sure that using transparent sslbump squid will understand how to use client certificate for mutual authentication. At least without transparent ssl bump it doesn’t. Did you try to use trspr-sslbump for client auth? How does squid pick right client certificate for certain host?
Best regards, Ilya Karpov karpof...@gmail.com > 20 февр. 2015 г., в 12:24, Yuri Voinov <yvoi...@gmail.com> написал(а): > > Transparent SSL Bump interception, eh? > > 20.02.15 15:14, Ilya Karpov пишет: >> Hi guys, >> can anyone suggest solution to make following scenario work using squid: >> >> step1. >> Client(actually server application) calls HTTP://example >> <http://example/>.org squid via proxy. >> | >> V >> step2. >> Proxy(Squid) understands that all calls to HTTP://example.org >> <http://example.org/> should be changed to HTTPS://example.org >> <https://example.org/>, trusts CA that uses example.org >> <http://example.org/> and knows client certificate to use for https client >> authentication >> | >> V >> step3. >> Origin(some server in internet) accepts https request, authenticates client, >> returns response >> >> The main aim is to make client know nothing about https complexity (storing >> certificates/keys, knowing specific algorithms etc), and make squid manage >> this things. >> >> >> Best regards, >> Ilya Karpov >> karpof...@gmail.com <mailto:karpof...@gmail.com> >> >> >> >> >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org <mailto:squid-users@lists.squid-cache.org> >> http://lists.squid-cache.org/listinfo/squid-users >> <http://lists.squid-cache.org/listinfo/squid-users> > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
