[squid-users] [External] Re: SQUID Proxy - SSL Certificate error

Vayalpadu, Vedavyas vedavyas.vayalpadu at accenture.com
Thu Oct 18 09:28:51 UTC 2018 

Hi Amos,

Both have 2 different certificates, below is the squid configuration. Cache_Peer is same for both the URLs ( Same data server and same name)

Old One: WORKING

#### Reverse Proxy for WebShop UK ####
http_port 10.XX.XX.XX:80 accel vhost defaultsite=webshop.XXX.co.uk name=80013
acl XXXUKwebshop_acl myportname 80013
http_access deny XXXXUKwebshop_acl
deny_info https://webshop.XXX.co.uk XXXXUKwebshop_acl
######
https_port 10.XX.XX.XX:443 accel vhost defaultsite=webshop.XXXX.co.uk cert=/etc/squid/certificate/webshop.XXXXX.co.uk.pfx_both.pem name=80014
cache_peer XXX.XXX.int parent 8070 0 no-query originserver name=XXXXUK_webshops
acl XXXXUKwebshop_acls myportname 80014 dst XXX.XXX.int
cache_peer_access XXXXUK_webshops allow XXXXUKwebshop_acls


New One: NOT-WORKING

#### Reverse Proxy for WebShopUK ####
http_port 10.YY.YY.YY:80 accel vhost defaultsite=webshopuk.YYYY.co.uk name=80013
acl YYYYUKwebshop_acl myportname 80013
http_access deny YYYYUKwebshop_acl
deny_info https://webshopuk.YYYY.co.uk YYYYUKwebshop_acl
######
https_port 10.YY.YY.YY:443 accel vhost defaultsite=webshopuk.YYYY.co.uk cert=/etc/squid/certificate/webshopuk.cert.pem name=80014
cache_peer XXX.XXX.int parent 8070 0 no-query originserver name=XXXXUK_webshops
acl XXXXUKwebshop_acls myportname 80014 dst XXX.XXX.int
cache_peer_access XXXXUK_webshops allow XXXXUKwebshop_acls





-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Thursday, October 18, 2018 8:19 AM
To: squid-users at lists.squid-cache.org
Subject: [External] Re: [squid-users] SQUID Proxy - SSL Certificate error

On 18/10/18 2:31 AM, Vayalpadu, Vedavyas wrote:
> Hi All,
>
> We have an existing SSL certificate for a WebShop URL. It has an
> external IP Natted to a Load Balancer and has 2 reverse-squid proxies
> configured for load balancing.
>
>
>
> Now we need to on-board a new URL with same external IP, Same Load
> Balancers and r-Squid proxy servers ? Is it possible.
>
>
>
> I have uploaded the new URL certificate and restarted the squid proxy
> services, when I try to access the URL iam getting below error, and
> Certificate error as below.
>
>
>
> Can anyone help me on this ?
>

OpenSSL builds of Squid do not support multiple certificates per listening port.

Squid-4 does support multiple certificates when built with GnuTLS instead of OpenSSL. This is still an experimental feature though, so YMMV.

Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org>
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.squid-2Dcache.org_listinfo_squid-2Dusers&d=DwIGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=tFxAuERmcRdMDY2ODYAvl6bEao1jdCMqbJq7uebMlVg&m=LemWGJCk_zI_BNi880abyP4vFLbKBqpsHNOfwGmWTeg&s=zG-T9PhS7SH74eqtG4DnQIXf0Y-ePm24dqiA7TPV_Ww&e=



  ________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
______________________________________________________________________________________

www.accenture.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20181018/6c82d8b5/attachment.html>

More information about the squid-users mailing list