I suppose you answered my question. I was referring to multiple certificates on one port. Any eta on the 3.2 stable version?

Thanks

On Fri, Dec 30, 2011 at 6:18 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>
>>>
>>> On Wed, 28 Dec 2011, Roman Gelfand wrote:
>>>
>>>> Consider the following configuration lines
>>>>
>>>>
>>>> https_port 443 cert=/etc/apache2/certs/server.pem key=/etc/apache2/certs/server.key vhost vport
>>>> cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS
>>>>
>>>> What if there is more site ssl sites which I would like to forward,
>>>> how can I accomplish that?
>>>>
>>>> Also, it appears that alternate CN names are not being recognized.
>>>> Is there anything to do about that?
>>>>
>>>> Thanks in advance
>>>>
>
> On 29/12/2011 7:22 a.m., Roman Gelfand wrote:
>>
>> version 3.16.
>>
>>
>> On Wed, Dec 28, 2011 at 1:21 PM, Pieter De Wit wrote:
>>>
>>> Hi Roman,
>>>
>>> What version of Squid are you using ?
>
>
> And how do you define "more site ssl sites which I would like to forward"
> ... multiple sites with the same certificate passed to several backend
> servers? or, multiple sites with separate certificates?
>
> Noting that the certificate in 3.1 and earlier Squid is hard-coded into the
> config file as one certificate per https_port.
>
> For multiple different certificates on one port you will need the "dynamic
> certificate generator" feature from Squid-3.2. It was created for ssl-bump
> ports but with a little tweaking could be used to supply several certs on a
> https_port with vhost when the clients send SNI information. No idea if it
> actually works yet though, nobody who has tried it has reported back.
>
> Amos
>
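With one certificate per https_port, as described for Squid 3.1 above, every site forwarded through that port has to be covered by that one certificate's names. The following is an added example, not part of the thread and not Squid code: it checks which site names a single certificate covers, using constructed hostnames and a constructed certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names are hypothetical.

```python
# Added example: which vhosts does ONE certificate cover?
# All hostnames and the certificate below are constructed sample data.

def _match(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is accepted only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in p:
        return p == h
    p_labels, h_labels = p.split("."), h.split(".")
    # The wildcard covers exactly one label and needs two fixed labels after it
    # (so "*.com" never matches, and "*.a.example" does not match "x.y.a.example").
    return (p_labels[0] == "*"
            and "*" not in "".join(p_labels[1:])
            and len(p_labels) >= 3
            and len(p_labels) == len(h_labels)
            and p_labels[1:] == h_labels[1:])

def cert_names(cert: dict) -> list[str]:
    """dNSName entries from subjectAltName; subject CN only if no dNSName exists."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def coverage(cert: dict, sites: list[str]) -> dict[str, bool]:
    """Map each site name to whether the certificate is valid for it."""
    names = cert_names(cert)
    return {s: any(_match(n, s) for n in names) for s in sites}

def uncovered(cert: dict, sites: list[str]) -> list[str]:
    """Sites that would need a different certificate (or a reissued one)."""
    return [s for s, ok in coverage(cert, sites).items() if not ok]

# Constructed certificate, getpeercert()-style.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.apps.example.com")),
}
# Constructed list of sites intended for the same https_port.
SITES = ["www.example.com", "mail.apps.example.com",
         "a.b.apps.example.com", "shop.example.org"]

if __name__ == "__main__":
    for site, ok in coverage(SAMPLE_CERT, SITES).items():
        print(f"{site:28} {'covered' if ok else 'NOT covered'}")
```

Any name reported as not covered will produce a client-side hostname mismatch if it is served from the port that presents this certificate.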