SQUID 3 using multiple SSL
-
I can't bind a wildcard certificate because it's a Unified Communications certificate with multiple SANs, and I have more than one server that requires this type of certificate.
So, for instance, using ADFS ("Active Directory Federation Service") requires one SAN certificate, and I have a communication server that requires a UC certificate. You can't use a wildcard certificate with any of them.
Btw, I'm also willing to donate to you, Marco. You're doing such a great job that everyone should participate and send a small amount of appreciation to encourage you ;D
-
It will be great ;D
You can send me a private message with your funding plans. As it seems others are interested in participating in some part of the funding, perhaps we should discuss it in the open for everyone to join in?
-
Yes, I totally agree. :)
-
Hi Marco,
Should we discuss the funding part of this?
Since we seem to have some mutual understanding of what needs to be done in Squid to make this work, perhaps we should discuss what is needed (e.g. funding/man hours).
I'm not that familiar with who's what in the Squid community, so I don't know whether you're a developer or if we need someone else on this?
Regards,
Anders
-
Hi all,
I'm not sure yet if this is what i'm looking for.
But here goes…
I'm trying to get some clients on a remote site to connect to some apps on the server site. Both sites are connected with an OpenVPN PKI tunnel.
I also have the reverse proxy SQUID3 installed for SSL purposes. Multiple sites are hosted, only 1 WAN IP.
So far all is good and works nicely. Thing is, it does the routing on IP and not domain name over the tunnel, and just this little hiccup is bothering me.
The clients have certificates installed to open the apps, but somehow the reverse HTTPS proxy does not pass the certificate, so they are not able to open the app.
Is your 'extension' or 'feature' the thing I need in SQUID3 to make this work?
I've read this could be possible by using a multidomain certificate or with TLS / SNI (both I'm not inventive enough to figure out at the moment).
Kindest regards,
Stijn
-
Hi
Because I am actually searching for ways to optimize SSL options for Squid, I found this thread…
I already wrote last month in another thread that it's easy to create a workaround for it.
-
I created a patch to put the certificate chain + private key into special files automatically
-
In SQuiD Proxy Server, "General Options", box "Custom Options", I wrote additional lines for additional domains:
# special port for https proxying multi domains
http_port <ip>:80 accel defaultsite=<domain webserver> vhost
https_port <ip>:443 accel cert=/usr/local/etc/squid/<wildcard>.crt key=/usr/local/etc/squid/<wildcard>.key defaultsite=<domain webserver> vhost
-
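The workaround above serves every vhost from one https_port with a single certificate, so each proxied hostname has to match a SAN entry of that certificate. The following Python check is an added example, not part of the thread and not the poster's patch; it lists the vhosts a given certificate would not cover, and all hostnames and SAN lists in it are constructed.

```python
# Added example: which reverse-proxied hostnames does one certificate cover?
# Every hostname and SAN list below is constructed for illustration.

def san_matches(pattern: str, host: str) -> bool:
    """Match one dNSName SAN entry against a hostname (RFC 6125 style)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label, never several
    if p_labels[0] == "*":
        # Accept "*" only as the complete left-most label of a name that has
        # at least two further labels; partial wildcards ("f*.x.y") are
        # treated as literals and therefore never match a real hostname.
        if len(p_labels) < 3 or h_labels[0] == "":
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_hosts(san_entries, vhosts):
    """Return the vhosts that no SAN entry matches, in input order."""
    return [h for h in vhosts
            if not any(san_matches(s, h) for s in san_entries)]


# Constructed SAN lists: a wildcard certificate and a multi-SAN (UC) one.
WILDCARD_CERT = ["*.example.com"]
UC_CERT = ["mail.example.com", "autodiscover.example.com",
           "adfs.example.com", "sip.example.org"]

# Constructed list of hostnames published through the reverse proxy.
VHOSTS = ["mail.example.com", "adfs.example.com", "example.com",
          "app.dev.example.com", "sip.example.org"]

if __name__ == "__main__":
    for name, sans in (("wildcard", WILDCARD_CERT), ("multi-SAN", UC_CERT)):
        print(name, "does not cover:", uncovered_hosts(sans, VHOSTS))
```

Clients reaching an uncovered hostname through that https_port get a certificate name mismatch, which is the case where a second certificate becomes necessary.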
-
I'm working on a new reverse proxy GUI for squid3-dev package. Maybe this week I finish and publish it.
-
Is it going to support multi-SAN certificates for multiple domains?
Marco, it would be good to test it. I'll set up a new pfSense in my lab to test your dev version!
I'll report bugs if any are found.
-
This has not been implemented yet, correct? I can only select one single SSL cert for the HTTPS reverse proxy. I'd need to set a different certificate per subdomain; does anyone know how to do that with a custom setting? Is it supported by the squid3 package?
-
If not, is it possible that it'll come in future versions of Squid?
thanks
Moh
-
Also in need of this feature.
Currently running pound on a separate VM, but I would like to have my reverse proxy on pfSense. I suppose I could always install pound on the pfSense box, but it would be nice to be able to do multiple SSL reverse proxy configs in the GUI.