<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Arial" size="2"><span style="font-size:10pt;">
<div><font color="#385623">Hi Amos,</font></div>
<div><font color="#385623"> </font></div>
<div><font color="#385623">Both have 2 different certificates, below is the squid configuration. Cache_Peer is same for both the URLs ( Same data server and same name)</font></div>
<div><font color="#385623"> </font></div>
<div><font color="#385623">Old One: WORKING</font></div>
<div><font color="#385623"> </font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>#### Reverse Proxy for WebShop UK ####</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>http_port 10.</b><b>XX</b><b>.</b><b>XX</b><b>.</b><b>XX</b><b>:80 accel vhost defaultsite=webshop.</b><b>XXX</b><b>.co.uk name=80013</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>acl </b><b>XXX</b><b>UKwebshop_acl myportname 80013</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>http_access deny </b><b>XXXX</b><b>UKwebshop_acl</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>deny_info
<a href="https://webshop">https://webshop</a>.</b><b>XXX</b><b>.co.uk </b><b>XXXX</b><b>UKwebshop_acl</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>######</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>https_port 10.</b><b>XX</b><b>.</b><b>XX</b><b>.</b><b>XX</b><b>:443 accel vhost defaultsite=webshop.</b><b>XXXX</b><b>.co.uk cert=/etc/squid/certificate/webshop.</b><b>XXXXX</b><b>.co.uk.pfx_both.pem
name=80014</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>cache_peer </b><b>XXX</b><b>.</b><b>XXX</b><b>.int parent 8070 0 no-query originserver name=</b><b>XXXX</b><b>UK_webshops</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>acl </b><b>XXXX</b><b>UKwebshop_acls myportname 80014 dst </b><b>XXX.XXX.int</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>cache_peer_access </b><b>XXXX</b><b>UK_webshops allow </b><b>XXXX</b><b>UKwebshop_acls</b></span></font></div>
<div><font color="#385623"> </font></div>
<div><font color="#385623"> </font></div>
<div><font color="#385623">New One: NOT-WORKING</font></div>
<div><font color="#385623"> </font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>#### Reverse Proxy for WebShopUK ####</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>http_port 10.</b><b>YY</b><b>.</b><b>YY</b><b>.</b><b>YY</b><b>:80 accel vhost defaultsite=webshopuk.</b><b>YYYY</b><b>.co.uk name=80013</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>acl </b><b>YYYY</b><b>UKwebshop_acl myportname 80013</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>http_access deny </b><b>YYYY</b><b>UKwebshop_acl</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>deny_info
<a href="https://webshopuk">https://webshopuk</a>.</b><b>YYYY</b><b>.co.uk </b><b>YYYY</b><b>UKwebshop_acl</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>######</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>https_port 10.</b><b>YY</b><b>.</b><b>YY</b><b>.</b><b>YY</b><b>:443 accel vhost defaultsite=webshopuk.</b><b>YYYY</b><b>.co.uk cert=/etc/squid/certificate/webshopuk.cert.pem
name=80014</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>cache_peer </b><b>XXX</b><b>.</b><b>XXX</b><b>.int parent 8070 0 no-query originserver name=</b><b>XXXX</b><b>UK_webshops</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>acl </b><b>XXXX</b><b>UKwebshop_acls myportname 80014 dst XXX.XXX.int</b></span></font></div>
<div><font face="Consolas" size="2" color="#385623"><span style="font-size:9pt;"><b>cache_peer_access </b><b>XXXX</b><b>UK_webshops allow </b><b>XXXX</b><b>UKwebshop_acls</b></span></font></div>
<div><font color="#385623"> </font></div>
<div><font color="#385623"> </font></div>
<div><font color="#385623"> </font></div>
<div><font color="#385623"> </font></div>
<div><font color="#385623"> </font></div>
<div><font color="#385623">-----Original Message-----<br>
From: squid-users <squid-users-bounces@lists.squid-cache.org> On Behalf Of Amos Jeffries<br>
Sent: Thursday, October 18, 2018 8:19 AM<br>
To: squid-users@lists.squid-cache.org<br>
Subject: [External] Re: [squid-users] SQUID Proxy - SSL Certificate error</font></div>
<div><font color="#385623"> </font></div>
<div><font color="#385623">On 18/10/18 2:31 AM, Vayalpadu, Vedavyas wrote:</font></div>
<div><font color="#385623">> Hi All,</font></div>
<div><font color="#385623">> </font></div>
<div><font color="#385623">> We have an existing SSL certificate for a WebShop URL. It has an </font></div>
<div><font color="#385623">> external IP Natted to a Load Balancer and has 2 reverse-squid proxies </font></div>
<div><font color="#385623">> configured for load balancing.</font></div>
<div><font color="#385623">> </font></div>
<div><font color="#385623">> </font></div>
<div><font color="#385623">> </font></div>
<div><font color="#385623">> Now we need to on-board a new URL with same external IP, Same Load </font></div>
<div><font color="#385623">> Balancers and r-Squid proxy servers ? Is it possible.</font></div>
<div><font color="#385623">> </font></div>
<div><font color="#385623">> </font></div>
<div><font color="#385623">> </font></div>
<div><font color="#385623">> I have uploaded the new URL certificate and restarted the squid proxy </font></div>
<div><font color="#385623">> services, when I try to access the URL iam getting below error, and </font></div>
<div><font color="#385623">> Certificate error as below.</font></div>
<div><font color="#385623">> </font></div>
<div><font color="#385623">> </font></div>
<div><font color="#385623">> </font></div>
<div><font color="#385623">> Can anyone help me on this ?</font></div>
<div><font color="#385623">> </font></div>
<div><font color="#385623"> </font></div>
<div><font color="#385623">OpenSSL builds of Squid do not support multiple certificates per listening port.</font></div>
<div><font color="#385623"> </font></div>
<div><font color="#385623">Squid-4 does support multiple certificates when built with GnuTLS instead of OpenSSL. This is still an experimental feature though, so YMMV.</font></div>
<div><font color="#385623"> </font></div>
<div><font color="#385623">Amos</font></div>
<div><font color="#385623">_______________________________________________</font></div>
<div><font color="#385623">squid-users mailing list</font></div>
<div><font color="#385623"><a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a></font></div>
<div><font color="#385623"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.squid-2Dcache.org_listinfo_squid-2Dusers&d=DwIGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=tFxAuERmcRdMDY2ODYAvl6bEao1jdCMqbJq7uebMlVg&m=LemWGJCk_zI_BNi880abyP4vFLbKBqpsHNOfwGmWTeg&s=zG-T9PhS7SH74eqtG4DnQIXf0Y-ePm24dqiA7TPV_Ww&e">https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.squid-2Dcache.org_listinfo_squid-2Dusers&d=DwIGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=tFxAuERmcRdMDY2ODYAvl6bEao1jdCMqbJq7uebMlVg&m=LemWGJCk_zI_BNi880abyP4vFLbKBqpsHNOfwGmWTeg&s=zG-T9PhS7SH74eqtG4DnQIXf0Y-ePm24dqiA7TPV_Ww&e</a>=</font></div>
<div><font color="#385623"> </font></div>
<div><font face="Times New Roman" size="3"><span style="font-size:12pt;"><br>
</span></font></div>
<div><font face="Times New Roman" size="3"><span style="font-size:12pt;"><u> ________________________________ </u></span></font></div>
<div><font face="Times New Roman" size="3" color="gray"><span style="font-size:12pt;"><br>
<font face="Arial" size="1"><span style="font-size:7.5pt;">This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately
and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for
the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes
your personal data, please see our privacy statement at <a href="https://www.accenture.com/us-en/privacy-policy">
https://www.accenture.com/us-en/privacy-policy</a>. <br>
</span></font><font face="Arial" size="1"><span style="font-size:7.5pt;">______________________________________________________________________________________<br>
<br>
</span></font><font face="Arial" size="1"><span style="font-size:7.5pt;"><a href="http://www.accenture.com">www.accenture.com</a><br>
</span></font></span></font></div>
</span></font>
</body>
</html>