Hi All,
Seems that this is potentially a bug in 3.1.10, as we moved to version
3.3.8 and it worked without issue.
Thanks.
Regards,
-Mark
On 8/15/13 11:22 AM, "Lundy, Mark" <MarkLundy_at_fico.com> wrote:
>
>
>Hi There,
>>>
>>>
>>>
>>>squid version : 3.1.10 ( squid-3.1.10-16.el6 )
>>>
>>>We are attempting to authenticate remote connections using SSL client
>>>certificates.
>>>
>>>We have :
>>>
>>>https_port 443 cert=/etc/squid/server_cert.pem cafile=/etc/squid/extra-clientca-certs.pem clientca=/etc/pki/tls/cert.pem sslcontext=id vhost
>>>
>>>
>>>acl clientcert_customer user_cert CN client.customer.net
>>>
>>>acl ourserverpath urlpath_regex ^/client/serverApplication
>>>
>>>acl gateway_inbound dstdomain gateway.ourcompany.net
>>>
>>>
>>>cache_peer 10.10.20.30 parent 4004 0 no-query no-digest originserver name=ourserverpath_inbound
>>>cache_peer_access ourserverpath_inbound allow clientcert_customer ourserverpath gateway_inbound
>>>
>>>
>>>
>>>The issue that we seem to be having is that the CN provided in the
>>>client certificate presented by the customer doesn't seem to be
>>>matching against the one in the line:
>>>
>>>acl clientcert_customer user_cert CN client.customer.net
>>>
>>>
>>>We can see that the certificate is correct, so we're thinking that the
>>>format for the above line is not quite right.
>>>
>>>Can anyone advise as to what we might be missing in the configuration?
>>>
>>>Any advice is greatly appreciated.
>>>
>>>Thanks.
>>>Regards,
>>>
>>>-Mark
>>>
>
>
>This email and any files transmitted with it are confidential,
>proprietary and intended solely for the individual or entity to whom they
>are addressed. If you have received this email in error please delete it
>immediately.
>
Received on Fri Aug 16 2013 - 10:57:28 MDT