[squid-users] Squid Multiple SSL sites and Single IP solution

From: Jesse Smith <jessesmith_at_affinitygs.com>
Date: Mon, 05 Nov 2012 08:27:08 -0600

Hello everyone, thought I'd share our recent endeavor about getting
Squid to work with multiple SSL domains (single set of certs and one IP).

We were able to get that working, but it didn't do us much good as we had
to be our own Root CA. We didn't want to have to have the users download
our cert into their browser, just to use our site. In other words,
everything was to remain transparent.

It is impossible to use a Root CA (Commercial like Verisign), because
you would have to have their private key to sign the generated certs.

Our solution was to use the Nginx web server, which supports multiple
SSL domains using a single IP. The server also acts as a reverse proxy.
Nginx uses SNI to get this configuration working.

I only mention this as Squid should do the same and potentially make it
a priority as places are looking for this kind of configuration
increasingly.

Anyway, that's the story ... thanks for reading and hope it will provide
more insight to your own situation if using multiple SSL domains hosted
by a single IP.

Thanks
Received on Mon Nov 05 2012 - 14:27:21 MST
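
The setup described in the post above, sketched as an added example that is not part of the original message and not the poster's actual configuration: nginx terminating TLS for two names on one IP, choosing the certificate by SNI and reverse-proxying to separate backends. The hostnames, certificate paths and backend addresses are placeholders.

```nginx
# Added example; hostnames, certificate paths and backend addresses are placeholders.
# This fragment belongs inside the http { } block of nginx.conf.

# Catch-all: clients that send no SNI, or a name not listed below, land here
# and are shown this certificate instead of one belonging to a hosted site.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/nginx/tls/fallback.crt;
    ssl_certificate_key /etc/nginx/tls/fallback.key;
    return 444;   # nginx-specific: close the connection without a response
}

# First hosted name: nginx matches the SNI value against server_name
# and presents this certificate during the handshake.
server {
    listen 443 ssl;
    server_name site-a.example;
    ssl_certificate     /etc/nginx/tls/site-a.example.crt;
    ssl_certificate_key /etc/nginx/tls/site-a.example.key;

    location / {
        proxy_pass http://127.0.0.1:8081;          # backend for site A
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Second hosted name on the same IP and port, with its own certificate.
server {
    listen 443 ssl;
    server_name site-b.example;
    ssl_certificate     /etc/nginx/tls/site-b.example.crt;
    ssl_certificate_key /etc/nginx/tls/site-b.example.key;

    location / {
        proxy_pass http://127.0.0.1:8082;          # backend for site B
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

`nginx -V` should report "TLS SNI support enabled" for this to work, and `nginx -t` validates the file before a reload. Running `openssl s_client -connect <ip>:443 -servername site-a.example` against each name shows which certificate is actually served.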
