Great advice, thank you! > -----Original Message----- > From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] > Sent: Monday, April 10, 2006 2:18 AM > To: Discussion Lists > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Squid3 and certificates in a cluster > > > sön 2006-04-09 klockan 21:10 -0700 skrev Discussion Lists: > > Suppose I have two squid3 machines that are clustered, and > I want them > > both to offer reverse SSL proxy (depending on whichever is > active of > > course). Assuming that all is set up correctly, couldn't I > just keep > > identical copies of the certificate and key on each machine > and expect > > Squid3 and the Internet to not know the difference? > > Yes. > > In fact this is even a MUST for clustered SSL servers as > otherwise the clients will get quite confused if they get > different certificates from the same server.. > > Please note that it is also important you set the sslcontext > differently on the members of the cluster (or alternatively > disable the SSL session reuse entirely if you have an RSA > accelerator chip or lots of spare CPU time..). If not there > is a slight risk of confusion in SSL session reuse causing > random client communication failures. > > Regards > Henrik >
