Hello,

I'm stuck with a reverse proxy config. I have one http server with 5 sites (http) and 2 https, 1 OWA & RPC server which also serves logos on port 80.

What I want to do (I'm bad at ASCII art, but I'll give it a try :)

WWW ---- iptables/DNAT --- SQUID --- http 1
                                 --- http 2
                                 ...
                                 --- https 1 --- http (acl A_gi)
                                 --- https 2
                                 --- OWA

I wrote this config file, and http seems OK, but I don't understand the way https works. I followed the doc at:

http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate

but it gives 1 certificate for 2 sites, and thus the certificate is not valid when I access the sites.

In the graphic, https 1 has a page with a frame which contains a page on another server which is accessed with http (not s).

Thank you for any help.

=== squid.conf ===
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 172.25.53.0/24
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
include /etc/squid/squid.accel.conf
http_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
coredump_dir /var/cache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_dir ufs /cache 100 16 256
cache_mem 100 MB
maximum_object_size_in_memory 10240 KB
=== end squid.conf ===

=== squid.accel.conf ===
## Sites http
http_port 80 accel defaultsite=A vhost
cache_peer 192.168.13.10 parent 80 0 no-query no-digest originserver name=serveur1 login=PASS
acl sites_serveur1 dstdomain A B C D E
http_access allow sites_serveur1
cache_peer_access serveur1 allow sites_serveur1
cache_peer_access serveur1 deny all
http_access allow sites_serveur1
miss_access allow sites_serveur1

## Sites https
https_port 443 cert=/usr/local/newrprgate/CertAuth/testcert.cert \
    key=/usr/local/newrprgate/CertAuth/testkey.pem defaultsite=G vhost
acl A_gi urlpath_regex ^/cgams
acl sites_cgams dstdomain G H
cache_peer 192.168.13.10 parent 443 0 no-query no-digest originserver name=cgams login=PASS
cache_peer_access cgams deny A_gi
cache_peer_access cgams allow sites_cgams
cache_peer 192.168.1.21 parent 80 0 no-query no-digest originserver forceddomain=dom name=gi
cache_peer_access gi allow A_gi
cache_peer_access gi deny all
http_access allow sites_cgams
miss_access allow sites_cgams

## Sites OWA
cache_peer 192.168.13.44 parent 80 0 no-query no-digest originserver name=xxx80
cache_peer 192.168.13.44 parent 443 0 no-query no-digest originserver connection-auth=on login=PASS front-end-https=on name=xxx
acl OWA dstdomain F
cache_peer_access xxx allow OWA
cache_peer_access xxx80 allow OWA
never_direct allow OWA
http_access allow OWA
miss_access allow OWA
=== squid.accel.conf ===