As someone else just wrote, if you try and use a cert for web1.com on web3.com you get an error message saying the cert isn't for web3.com.
To answer your question though, the squid.conf file mentions the following, stating that you can run multiple addresses each with their own ssl cert: (this is the conf file for squid-3.0.pre so check your own once you've compiled it with --enable-ssl) # TAG: https_port # Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...] # # The socket address where Squid will listen for HTTPS client # requests. # # This is really only useful for situations where you are running # squid in accelerator mode and you want to do the SSL work at the # accelerator level. # # You may specify multiple socket addresses on multiple lines, # each with their own SSL certificate and/or options. # # Options: # # defaultsite= The name of the https site presented on # this port # Chris -----Original Message----- From: Dan DeLong [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 22, 2004 9:20 AM To: [EMAIL PROTECTED] Subject: Re: [squid-users] reverse proxy / virtual hosting I am setup in a similar way, Internet-end-user----> SSL (serviced by squid) ----> RP ---> backend webserver. But I am hosting sites where each have their own SSL cert. So I think what I'm hearing is that I will not be able to start one Squid instance that can handle multiple different SSL certs ? My goal is to be able to host multiple websites with 1 ip address. Your suggestions are welcome. Thanks. ----- Original Message ----- From: "Chris Perreault" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 22, 2004 9:07 AM Subject: RE: [squid-users] reverse proxy / virtual hosting > Further thought...on how we are setting it up. > > One ssl cert for www.mycompany.com, resides on the proxy. > > Internet-end-user -->ssl-->rp-->non-ssl ldap-authenticated traffic --> back > end webserver > > With the redirect for each of the back end webservers, you can have a single > cert. You can not have a single cert for two different domains though, > (mycompany.com and mycompany2.com need different certs) > mycompany.com/intranet and mycompany.com/extranet can use the same > cert. > > Chris Perreault > > -----Original Message----- > From: Francois Liot [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 22, 2004 8:49 AM > To: Dan DeLong > Cc: [EMAIL PROTECTED] > Subject: Re: [squid-users] reverse proxy / virtual hosting > > > As far as I know SSL standart it's unfortunatelly impossible. > > Apache is suffering of the same limitation. > > Regards > > Francois Liot > > On Tue, 2004-06-22 at 14:42, Dan DeLong wrote: > > Hello, > > > > I currently have squid running as a reverse proxy. I have a number > > of squid instances running to handle a number of different websites. > > Each squid instance listens on it's own ip address and handles the > > SSL cert for the incoming web request. My goal is to have squid > > listen on one address to handle multiple websites in essence do > > virtual hosting. Can this be done with squid ? If so, can you > > provide any direction on how to set squid up to do this ? > > > > Thanks. > > > > >
