On Wed, 28 Dec 2011, Roman Gelfand wrote:
Consider the following configuration lines
https_port 443 cert=/etc/apache2/certs/server.pem key=/etc/apache2/certs/server.key vhost vport
cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS
What if there is more site ssl sites which I would like to forward,
how can I accomplish that?
Also, it appears that alternate CN names are not being recognized.
Is there anything to do about that?
Thanks in advance
On 29/12/2011 7:22 a.m., Roman Gelfand wrote:
version 3.16.
On Wed, Dec 28, 2011 at 1:21 PM, Pieter De Wit wrote:
Hi Roman,
What version of Squid are you using?
And how do you define "more site ssl sites which I would like to
forward" ... multiple sites with the same certificate passed to several
backend servers? or, multiple sites with separate certificates?
Noting that the certificate in 3.1 and earlier Squid is hard-coded into
the config file as one certificate per https_port.
For multiple different certificates on one port you will need the
"dynamic certificate generator" feature from Squid-3.2. It was created
for ssl-bump ports but with a little tweaking could be used to supply
several certs on a https_port with vhost when the clients send SNI
information. No idea if it actually works yet though, nobody who has
tried it has reported back.
Amos
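
Added example, not part of the original thread or of the Squid project's documentation: one way to serve two sites with separate certificates given the one-certificate-per-https_port limit described above is to give each site its own https_port on its own listening address. The addresses, hostnames, certificate paths, the second backend port and the peer and ACL names are assumptions chosen for illustration.

```conf
# One https_port per site, each bound to its own address and certificate.
# 192.0.2.10 / 192.0.2.11 and the site-*.example.com names are placeholders.
https_port 192.0.2.10:443 cert=/etc/squid/certs/site-a.pem key=/etc/squid/certs/site-a.key defaultsite=site-a.example.com vhost
https_port 192.0.2.11:443 cert=/etc/squid/certs/site-b.pem key=/etc/squid/certs/site-b.key defaultsite=site-b.example.com vhost

# One backend peer per site. name= is required because both peers share
# the host 127.0.0.1. The peer options are carried over from the original post;
# sslflags=DONT_VERIFY_PEER disables verification of the backend certificate.
cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS name=site_a_backend
cache_peer 127.0.0.1 parent 8444 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS name=site_b_backend

# Route each requested hostname to its own backend only.
acl site_a dstdomain site-a.example.com
acl site_b dstdomain site-b.example.com
cache_peer_access site_a_backend allow site_a
cache_peer_access site_a_backend deny all
cache_peer_access site_b_backend allow site_b
cache_peer_access site_b_backend deny all

# Accept requests for the published sites and nothing else.
http_access allow site_a
http_access allow site_b
http_access deny all
```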