Re: [squid-users] Reverse proxy: http to https and certificate authentication

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 01 Feb 2009 20:28:38 +1300

Mailing List SVR wrote:
> Hi all,
>
> I have a soap client using python ZSI, the other end is oracle soa
> 10.1.3.1.0 all works fine since some months. The last week oracle soa
> was configured to accept client certificate authentication over https.
> If I try to use the standard python httplib.HTTPSConnection library it
> fails with the infamous "bad record mac" error and so also ZSI that use
> httplib. Other java tools such as soapui works just fine with oracle
> soa.
>
> Can squid do the hard work for me in the following configuration?
>
> ZSI soap client -> squid proxy over http -> oracle soa https
>
> however squid could be authenticate to oracle soa loading the cert file
> and the cert key from a local file.
>
> So I would like to send my soap request to squid over http and squid
> could connect to oracle soa over https presenting its own client
> certificate (not send from my application but load from local file).
>
> Is this configuration possible?
>
> thanks
> Nicola
>
>

Yes Squid can certainly act as a HTTP->HTTPS proxy for you.
Just configure a normal cache_peer pointing at oracle to using SSL,
  http://www.squid-cache.org/Doc/config/cache_peer/
and configure ZSI to connect to the Squid HTTP port without SSL.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12
   Current Beta Squid 3.1.0.4
Received on Sun Feb 01 2009 - 07:28:28 MST

This archive was generated by hypermail 2.2.0 : Sun Feb 01 2009 - 12:00:03 MST