On 6/20/22 04:49, Honey Bajaj wrote:
as a part of Enterprise security and consolidation, we are asked to
onboard a commercial SaaS based proxy solution. This solution requires a
SSL certificate to be embedded in every application which a commercial
vendor has shared with us. To simplify this process, we are evaluating
if Squid can play following role:
Application (no ssl configuration) --> Squid (Upstream configuration
hosting SaaS client certificate) --> SaaS Proxy --> ExternalURL
kindly suggest if this can be achieved.
Yes, if SaaS Proxy is an HTTPS proxy, then Squid can be configured to
authenticate itself using a configured client certificate while talking
TLS to that SaaS proxy. Here is a (somewhat redundant by explicit)
configuration sketch to get you started:
cache_peer ... parent tls sslcert=squid.pem ...
nonhierarchical_direct off
never_direct allow all
always_direct deny all
The "tls" option is spelled "ssl" in earlier Squids IIRC.
See squid.conf.documented for details.
squid-users mailing list