Re: [squid-users] Reverse Proxy Configuration

From: Roman Gelfand <rgelfand2_at_gmail.com>
Date: Sat, 31 Dec 2011 21:56:29 -0500

I suppose you answered my question. I was referring to multiple
certificates on one port.

Any ETA on the 3.2 stable version?

Thanks

On Fri, Dec 30, 2011 at 6:18 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
>>>
>>> On Wed, 28 Dec 2011, Roman Gelfand wrote:
>>>
>>>> Consider the following configuration lines
>>>>
>>>>
>>>> https_port 443 cert=/etc/apache2/certs/server.pem
>>>> key=/etc/apache2/certs/server.key vhost vport
>>>> cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver
>>>> sslflags=DONT_VERIFY_PEER front-end-https login=PASS
>>>>
>>>> What if there is more site ssl sites which I would like to forward,
>>>> how can I accomplish that?
>>>>
>>>> Also, it appears that alternate CN names are not being recognized.
>>>> Is there anything to do about that?
>>>>
>>>> Thanks in advance
>>>>
>
> On 29/12/2011 7:22 a.m., Roman Gelfand wrote:
>>
>> version 3.16.
>>
>>
>> On Wed, Dec 28, 2011 at 1:21 PM, Pieter De Wit wrote:
>>>
>>> Hi Roman,
>>>
>>> What version of Squid are you using?
>
>
> And how do you define "more site ssl sites which I would like to forward"
> ...  multiple sites with the same certificate passed to several backend
> servers? or, multiple sites with separate certificates?
>
> Noting that the certificate in 3.1 and earlier Squid is hard-coded into the
> config file as one certificate per https_port.
>
> For multiple different certificates on one port you will need the "dynamic
> certificate generator" feature from Squid-3.2. It was created for ssl-bump
> ports but with a little tweaking could be used to supply several certs on a
> https_port with vhost when the clients send SNI information. No idea if it
> actually works yet though, nobody who has tried it has reported back.
>
> Amos
>
Received on Sun Jan 01 2012 - 02:56:37 MST
