Re: [squid-users] Reverse proxy: http to https and certificate authentication

From: Mailing List SVR <lists_at_svrinformatica.it>
Date: Sun, 01 Feb 2009 09:07:47 +0100

Il giorno dom, 01/02/2009 alle 20.28 +1300, Amos Jeffries ha scritto:
> Mailing List SVR wrote:
> > Hi all,
> >
> > I have a soap client using python ZSI, the other end is oracle soa
> > 10.1.3.1.0 all works fine since some months. The last week oracle soa
> > was configured to accept client certificate authentication over https.
> > If I try to use the standard python httplib.HTTPSConnection library it
> > fails with the infamous "bad record mac" error and so also ZSI that use
> > httplib. Other java tools such as soapui works just fine with oracle
> > soa.
> >
> > Can squid do the hard work for me in the following configuration?
> >
> > ZSI soap client -> squid proxy over http -> oracle soa https
> >
> > however squid could be authenticate to oracle soa loading the cert file
> > and the cert key from a local file.
> >
> > So I would like to send my soap request to squid over http and squid
> > could connect to oracle soa over https presenting its own client
> > certificate (not send from my application but load from local file).
> >
> > Is this configuration possible?
> >
> > thanks
> > Nicola
> >
> >
>
> Yes Squid can certainly act as a HTTP->HTTPS proxy for you.
> Just configure a normal cache_peer pointing at oracle to using SSL,
> http://www.squid-cache.org/Doc/config/cache_peer/
> and configure ZSI to connect to the Squid HTTP port without SSL.

thanks but squid need to present a client certificate to authenticate
against oracle, cache peer seems lack directive to specify certificate,

Nicola

>
> Amos
Received on Sun Feb 01 2009 - 08:08:05 MST

This archive was generated by hypermail 2.2.0 : Sun Feb 01 2009 - 12:00:03 MST