Hi Amos,

Both have 2 different certificates, below is the squid configuration. Cache_Peer is same for both the URLs (Same data server and same name)

Old One: WORKING

#### Reverse Proxy for WebShop UK ####
http_port 10.XX.XX.XX:80 accel vhost defaultsite=webshop.XXX.co.uk name=80013
acl XXXUKwebshop_acl myportname 80013
http_access deny XXXXUKwebshop_acl
deny_info https://webshop.XXX.co.uk XXXXUKwebshop_acl
######
https_port 10.XX.XX.XX:443 accel vhost defaultsite=webshop.XXXX.co.uk cert=/etc/squid/certificate/webshop.XXXXX.co.uk.pfx_both.pem name=80014
cache_peer XXX.XXX.int parent 8070 0 no-query originserver name=XXXXUK_webshops
acl XXXXUKwebshop_acls myportname 80014 dst XXX.XXX.int
cache_peer_access XXXXUK_webshops allow XXXXUKwebshop_acls

New One: NOT-WORKING

#### Reverse Proxy for WebShopUK ####
http_port 10.YY.YY.YY:80 accel vhost defaultsite=webshopuk.YYYY.co.uk name=80013
acl YYYYUKwebshop_acl myportname 80013
http_access deny YYYYUKwebshop_acl
deny_info https://webshopuk.YYYY.co.uk YYYYUKwebshop_acl
######
https_port 10.YY.YY.YY:443 accel vhost defaultsite=webshopuk.YYYY.co.uk cert=/etc/squid/certificate/webshopuk.cert.pem name=80014
cache_peer XXX.XXX.int parent 8070 0 no-query originserver name=XXXXUK_webshops
acl XXXXUKwebshop_acls myportname 80014 dst XXX.XXX.int
cache_peer_access XXXXUK_webshops allow XXXXUKwebshop_acls

-----Original Message-----
From: squid-users <squid-users-boun...@lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Thursday, October 18, 2018 8:19 AM
To: squid-users@lists.squid-cache.org
Subject: [External] Re: [squid-users] SQUID Proxy - SSL Certificate error

On 18/10/18 2:31 AM, Vayalpadu, Vedavyas wrote:
> Hi All,
>
> We have an existing SSL certificate for a WebShop URL. It has an
> external IP Natted to a Load Balancer and has 2 reverse-squid proxies
> configured for load balancing.
>
> Now we need to on-board a new URL with same external IP, Same Load
> Balancers and r-Squid proxy servers ? Is it possible.
>
> I have uploaded the new URL certificate and restarted the squid proxy
> services, when I try to access the URL I am getting below error, and
> Certificate error as below.
>
> Can anyone help me on this ?
>

OpenSSL builds of Squid do not support multiple certificates per listening port.

Squid-4 does support multiple certificates when built with GnuTLS instead of OpenSSL. This is still an experimental feature though, so YMMV.

Amos

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
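
An added example, not part of the thread or of Squid itself: a small Python check for the situation the reply describes, where a listening port can present only one certificate, so a second hostname served from the same port does not match it. The hostnames and sample data are constructed placeholders, and `probe()` assumes the certificate chain validates against the local trust store.

```python
import socket
import ssl


def san_dns_names(cert):
    """DNS subjectAltName entries from an ssl.getpeercert() style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def covers(pattern, host):
    """RFC 6125 style match: '*' only as the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def audit(presented):
    """presented: {sni_name: cert dict}. Returns {sni_name: verdict}."""
    report = {}
    for sni, cert in presented.items():
        names = san_dns_names(cert)
        if any(covers(n, sni) for n in names):
            report[sni] = "ok"
        else:
            report[sni] = "mismatch: got cert for " + ", ".join(names)
    return report


def probe(addr, sni, port=443, timeout=5):
    """Live check: handshake with `addr` sending `sni`, return the cert dict.
    The chain is still validated; only the name check is skipped so a
    wrong-name certificate can be inspected instead of aborting."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert()


# Constructed sample: one listening port answering every SNI name with the
# same certificate (placeholder hostnames, not values from the thread).
OLD_CERT = {"subjectAltName": (("DNS", "webshop.example.co.uk"),)}
SAMPLE = {"webshop.example.co.uk": OLD_CERT, "webshopuk.example.co.uk": OLD_CERT}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(name, "->", verdict)
```

Against a live proxy, build the input with `{name: probe(proxy_ip, name) for name in hostnames}` and pass it to `audit()`.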