Search squid archive

Re: Squid3 and certificates in a cluster

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



sön 2006-04-09 klockan 21:10 -0700 skrev Discussion Lists:
> Suppose I have two squid3 machines that are clustered, and I want them
> both to offer reverse SSL proxy (depending on whichever is active of
> course).  Assuming that all is set up correctly, couldn't I just keep
> identical copies of the certificate and key on each machine and expect
> Squid3 and the Internet to not know the difference?

Yes.

In fact this is even a MUST for clustered SSL servers as otherwise the
clients will get quite confused if they get different certificates from
the same server..

Please note that it is also important you set the sslcontext differently
on the members of the cluster (or alternatively disable the SSL session
reuse entirely if you have an RSA accelerator chip or lots of spare CPU
time..). If not there is a slight risk of confusion in SSL session reuse
causing random client communication failures.

Regards
Henrik

Attachment: signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux