So far as I know, when sslbump is enabled for a port, for each DNS name, Squid saves a cert generated according to the DNS name and signing key (from the http_port configuration). So the next time, the generated cert can be fetched if the DNS host and configured signing key are the same.
Now I have a question on this:

http_port 10045 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/opt/bg/deploy/squid/etc/mydlp/ssl/key_10045.pem cert=/opt/bg/deploy/squid/etc/mydlp/ssl/cert_10045.pem
http_port 10046 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/opt/bg/deploy/squid/etc/mydlp/ssl/key_10046.pem cert=/opt/bg/deploy/squid/etc/mydlp/ssl/cert_10046.pem

I have two ports configured with SSLBUMP. Each port has its own CA signing key. The desired behavior is that, for the hostname www.foo.com, the certificate generated for the port should use key_10045, and the certificate generated for the port should use key_10046. It seems OK. But, if we look at the ssl_db, only the last generated certificate is cached for www.foo.com. Is it possible to cache the generated certificates by the host and signing key?

Alex
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users