On 06/09/2014 10:31 am, Eliezer Croitoru wrote:
Hey Roberto,
Yes but with limitations.
Squid can use only one certificate per IP:port pair.
This leaves you with the only option of using Squid with one
certificate that overlaps multiple domains in the form of
"*.domain.com" which will include all domain.com and subdomains.
There is a function which is not in use by Squid that is called SNI
which allows the client to request a specific site/domain in the first
stages of the SSL negotiation, which allows the service to send a
specific certificate as default and others in case of a matched
domain by SNI.
As far as I can tell and remember, Apache and nginx support SNI.
Regards,
Eliezer
On 06/09/2014 06:15 PM, Roberto Carna wrote:
Dear, just one question... is it possible to use a Squid reverse proxy
with several SSL sites/certificates, all listening on TCP/443 on the
same public IP?
Thanks a lot,
Roberto
There is a third option, using Subject Alternative Names on the
certificate (sometimes called UCC, Unified Communications Certificate).
This allows it to be valid for domain1.com, domain2.com, domain3.com,
etc. Far cheaper than a *.domain.com certificate; however, the
certificate vendor will have a limit as to how many you can use, and
charge more for the additional domains. I use this option on our Squid
reverse proxy at work (using a 15-domain UCC from GoDaddy.com); however,
you should note that all domain names are listed on the certificate. In
our case we are hosting websites for multiple divisions of the same
parent company. It would not be wise to do this if hosting websites for
third party customers, as you wouldn't want to give the impression that
company1 has something to do with company2, and so on.
--
Thanks,
Dean E. Weimer
http://www.dweimer.net/
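
Added example (not part of the original thread): a check of which sites behind the reverse proxy a multi-name certificate covers, and which other names each visitor can read on it. The CERT dict is constructed in the format returned by Python's ssl.SSLSocket.getpeercert(), and matching assumes the RFC 6125 rule that "*" stands for exactly one leftmost label.

```python
# Constructed sample: SAN entries as returned by ssl.SSLSocket.getpeercert().
CERT = {
    "subjectAltName": (
        ("DNS", "domain1.com"),
        ("DNS", "www.domain1.com"),
        ("DNS", "domain2.com"),
        ("DNS", "*.domain3.com"),
    )
}

def san_dns_names(cert):
    """Return the lower-cased dNSName entries of a getpeercert()-style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """RFC 6125 style match: '*' is only accepted as the whole leftmost
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(cert, hosted_sites):
    """Map each site to (covered?, other names disclosed on the same cert)."""
    names = san_dns_names(cert)
    report = {}
    for site in hosted_sites:
        matching = [n for n in names if name_matches(n, site)]
        others = [n for n in names if n not in matching]
        report[site] = (bool(matching), others)
    return report

if __name__ == "__main__":
    # Hypothetical list of sites published through the proxy.
    sites = ["domain1.com", "shop.domain3.com", "domain3.com",
             "a.b.domain3.com", "domain4.com"]
    for site, (covered, others) in audit(CERT, sites).items():
        print(f"{site:18} covered={covered!s:5} also listed: {', '.join(others)}")
```

Running it before ordering or renewing the certificate shows any hosted name that still needs its own SAN entry, and the "also listed" column is the set of names every visitor to that site can see.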