sön 2006-04-09 klockan 21:10 -0700 skrev Discussion Lists: > Suppose I have two squid3 machines that are clustered, and I want them > both to offer reverse SSL proxy (depending on whichever is active of > course). Assuming that all is set up correctly, couldn't I just keep > identical copies of the certificate and key on each machine and expect > Squid3 and the Internet to not know the difference? Yes. In fact this is even a MUST for clustered SSL servers as otherwise the clients will get quite confused if they get different certificates from the same server.. Please note that it is also important you set the sslcontext differently on the members of the cluster (or alternatively disable the SSL session reuse entirely if you have an RSA accelerator chip or lots of spare CPU time..). If not there is a slight risk of confusion in SSL session reuse causing random client communication failures. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
