I fixed it, and its working, but I have one issue. It's always using the cert associated with the https_port directive, even when I get a match on the correct cache peer using another cert. - Nick -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Tuesday, November 10, 2009 5:14 PM To: squid-users@xxxxxxxxxxxxxxx Subject: RE: Reverse proxy, SSL cert for each cache peer On Tue, 10 Nov 2009 09:43:42 -0500, Nick Duda <nduda@xxxxxxxxxxxxxx> wrote: > Ok, let me rephrase my question, can someone help me out with my config > then? Is this correct? > > http_port 80 accel vhost > https_port 443 accel vhost cert=/path/to/cert1.pem > key=/path/to//server1.key > > cache_peer www1.server.com parent 80 0 no-query originserver name=www1_http > cache_peer www2.server.com parent 443 0 no-query originserver ssl > name=www2_ssl sslflags=DONT_VERIFY_PEER cert=/path/to/cert2.pem > key=/path/to/server2.key > cache_peer www3.server.com parent 443 0 no-query originserver ssl > name=ww3_ssl sslflags=DONT_VERIFY_PEER cert=/path/to/cert3.pem > key=/path/to/server3.key > > acl acl_www1http dstdomain www1.server.com > acl acl_www2ssl dstdomain www2.server.com > acl acl_www3ssl dstdomain www3.server.com > > cache_peer_access defaultwww allow acl_www1http > cache_peer_access ssl2 allow acl_www2ssl > cache_peer_access ssl3 allow acl_www3ssl The cache_peer names above don't match the ones used in cache_peer name=XX. Other than that is looks right to me. Amos > > -----Original Message----- > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] > Sent: Monday, November 09, 2009 5:45 PM > To: Nick Duda > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Reverse proxy, SSL cert for each cache peer > > On Mon, 9 Nov 2009 13:41:42 -0500, Nick Duda <nduda@xxxxxxxxxxxxxx> wrote: >> Can someone point me to how I can setup squid, to listen on port 443 and >> depending on the URL being asked, to use a certain cache peer with a >> certain SSL cert? I've been doing this for just one cache peer, using by >> just using the cert= key= options on the https_port directive. Can they > be >> used on the cache_peer also? >> >> - Nick > > Yes. > http://www.squid-cache.org/Doc/config/cache_peer > > ... and the config examples in the wiki. > > Amos