Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid reverse proxy + multiple ssl certificates

    Scheduled Pinned Locked Moved Cache/Proxy
    6 Posts 5 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      doublehelix
      last edited by

      Hello,
      I've pfsense running for years now and I must say it's just awesome!
      I recently have installes some webservices which I want to access over wan through a https connection.
      I've set up a squid3 reverse proxy at the moment which is workind fine so far. It looks like this:

      domain1 –----->IP 1---------> port 443 -------> service1
      domain2-------->IP 1---------> port 443-------->service2

      Service 1 gets the ssl certificate from pfsense and works perfect. Service 2 gets the same cert, but is not working correct because of a different domain.
      Is it possible to assign a certificate to specific routes e.g assign cert 1 to the ip from service 1 and cert 2 to the ip of service 2.

      Kind regards
      Herb

      1 Reply Last reply Reply Quote 0
      • ?
        A Former User
        last edited by

        @doublehelix:

        Hello,
        I've pfsense running for years now and I must say it's just awesome!
        I recently have installes some webservices which I want to access over wan through a https connection.
        I've set up a squid3 reverse proxy at the moment which is workind fine so far. It looks like this:

        domain1 –----->IP 1---------> port 443 -------> service1
        domain2-------->IP 1---------> port 443-------->service2

        Service 1 gets the ssl certificate from pfsense and works perfect. Service 2 gets the same cert, but is not working correct because of a different domain.
        Is it possible to assign a certificate to specific routes e.g assign cert 1 to the ip from service 1 and cert 2 to the ip of service 2.

        Kind regards
        Herb

        No need to start a new topic here, as this is literally the exact same scenario I'm encountering; Am I correct in assuming assigning the reverse proxy on Squid to multiple SSL certificates (due to our IIS web server hosing multiple domains, many of which desire to become SSL'd) is impossible?

        Sorry/not sorry for the necropost; I would have been typing the EXACT same thing verbatim.

        1 Reply Last reply Reply Quote 0
        • G
          gregor4711
          last edited by

          same question to this old topic

          have 2 domain wich point to the same official IP4.

          abc.domain1 –----->IP4 aa.bb.cc.dd:443 -------> webservice1
          def.domain2-------->IP4 aa.bb.cc.dd:443-------->webservice2

          The mapping is in general working, but squid is trowing an error, it would not be allowd (since other domain)

          in squid general "External FQDN" only one FQDN allowed.

          any solution for that.

          Same has succes with HA Proxy?

          viktor_gV 1 Reply Last reply Reply Quote 0
          • viktor_gV
            viktor_g Netgate @gregor4711
            last edited by

            @gregor4711

            Feature request created:
            https://redmine.pfsense.org/issues/11200

            G 1 Reply Last reply Reply Quote 1
            • Mister-MagooM
              Mister-Magoo
              last edited by

              It is possible with Haproxy but ... on a independant Haproxy VM.
              I don't know with Haproxy plugin

              PFSense du moment en multiwan

              1 Reply Last reply Reply Quote 0
              • G
                gregor4711 @viktor_g
                last edited by

                @viktor_g
                Hi Viktor any planed release for that?

                Thanks & BR
                Gregor

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.