[squid-users] Squid 3.4.8 Reverse with multiple SSL Sites and multiple Certs/Domains
Amos Jeffries
squid3 at treenet.co.nz
Wed Dec 20 13:43:19 UTC 2017
On 21/12/17 02:27, richard-tx wrote:
> I came up with a solution. What I did was to get one cert that covers
> multiple https websites. Letsencrypt.com permits you to have multiple
> hostnames. The software certbot allows you to put multiple FQDNs in a
> single request or to extend any existing cert. The certs from
> letsencrypt.com is not tied to an IP address, so if your external facing IP
> address changes, that presents no issues.
>
> On the plus side, since all communications between squid and the server are
> over http, that relieves the already busy webserver from the jobs of
> encrypting/decrypting and places it on the reverse proxy. Starting next
> year, letsencrypt will start issuing wildcard certs.
>
Good to know both of those, because since my last reply investigation of
the way OpenSSL API loads certificates is presenting bad news for being
able to load multiple certs any time soon.
Amos
More information about the squid-users
mailing list