
    SQUID 3 using multiple SSL

      moh10ly

      I can't bind a wildcard certificate because it's a Unified Communications certificate with multiple SANs, and I have more than one server that requires this type of certificate.

      So, for instance, using ADFS ("Active Directory Federation Service") requires one SAN certificate, and I have a communication server that requires a UC certificate. You can't use a wildcard certificate with any of them.

      Btw, I'm also willing to donate to you, Marco. You're doing such a great job that everyone should participate and send a small amount of appreciation to encourage you ;D

      Power is Knowledge.

        Sup3rior

        @marcelloc:

        It will be great ;D
        You can send me a private message with your funding plans.

        As it seems others are interested in participating in some part of the funding, perhaps we should discuss it in the open for everyone to join in?

          moh10ly

          Yes, I totally agree.  :)

          Power is Knowledge.

            Sup3rior

            Hi Marco,

            Should we discuss the funding part of this?

            Since we seem to have some mutual understanding on what needs to be done in squid to make this work, perhaps we should discuss what is needed (e.g. funding/man hours).
            I'm not that familiar with who's what in the squid community, so I don't know whether you're a developer or if we need someone else on this?

            Regards,
            Anders

              s.kuppens

              Hi all,

              I'm not sure yet if this is what I'm looking for.
              But here goes…

              I'm trying to get some clients on a remote site to connect to some apps on the server site. Both sites are connected with an OpenVPN PKI tunnel.
              I also have the reverse proxy SQUID3 installed for SSL purposes. Multiple sites are hosted, only 1 WAN IP.

              So far all is good and works nicely. Thing is, it does the routing on IP and not domain name over the tunnel, and just this little hiccup is bothering me.
              The clients have certificates installed to open the apps, but somehow the reverse https proxy does not pass the certificate, so they are not able to open the app.

              Is your 'extension' or 'feature' the thing I need in SQUID3 to make this work?
              I've read this could be possible by using a multidomain certificate or with TLS / SNI (both I'm not inventive enough to figure out at the moment).

              Kindest regards,

              Stijn

                Reiner030

                Hi

                Because I'm actually searching for how to optimize SSL options for squid, I found this thread…

                I already wrote last month in another thread that it's easy to create a workaround for it.

                1. I create a patch to put the certificate chain + private key into special files automatically

                2. In Squid Proxy Server, "General Options", box "Custom Options", I wrote additional lines for additional domains:

                # special port for https proxying multi domains
                http_port <ip>:80 accel defaultsite=<domain webserver> vhost
                https_port <ip>:443 accel cert=/usr/local/etc/squid/<wildcard>.crt key=/usr/local/etc/squid/<wildcard>.key defaultsite=<domain webserver> vhost
                
                1 Reply Last reply Reply Quote 0
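Added example, not part of the post above or of the pfSense squid package: the workaround serves every vhost from one wildcard certificate on a single https_port, so this Python check shows which reverse-proxied hostnames such a certificate covers under RFC 6125-style matching. The SAN list, hostnames and function names are constructed for illustration.

```python
# Added example: which vhosts can one certificate on a single https_port serve?
# All hostnames and SAN entries below are constructed sample data.

def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (rejects '*.com').
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def coverage(san_list, vhosts):
    """Split vhosts into (covered, uncovered) for the given SAN entries."""
    covered, uncovered = [], []
    for host in vhosts:
        if any(san_matches(san, host) for san in san_list):
            covered.append(host)
        else:
            uncovered.append(host)
    return covered, uncovered


# Constructed sample: SANs of a wildcard certificate and the proxied sites.
WILDCARD_SANS = ["*.example.com"]
VHOSTS = [
    "www.example.com",
    "adfs.example.com",
    "example.com",            # apex is not matched by the wildcard
    "sip.lync.example.com",   # two labels deep, not matched either
    "mail.example.org",       # different domain
]

if __name__ == "__main__":
    ok, missing = coverage(WILDCARD_SANS, VHOSTS)
    print("served by the wildcard certificate:", ok)
    print("need another SAN entry or certificate:", missing)
```

Hostnames reported as uncovered would trigger certificate name mismatch warnings in clients if they are published through the same https_port.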
                  marcelloc

                  I'm working on a new reverse proxy GUI for the squid3-dev package. Maybe this week I'll finish and publish it.

                  Elite Training: http://sys-squad.com

                  Help a community developer! ;D

                    moh10ly

                    Is it going to support multi-SAN certificates and multiple domains?

                    Marco, it would be good to test it. I'll set up a new pfSense in my lab to test your dev version!
                    I'll report bugs if any are found.

                    Power is Knowledge.

                      Phlogi

                      This has not been implemented yet, correct? I can only select one single SSL cert for the HTTPS reverse proxy. I'd need to set a different certificate per subdomain. Does anyone know how to do that with a custom setting? Is it supported by the squid3 package?

                        captdragon

                        @moh10ly:

                        If not, is it possible that it'll come in future versions of squid? ???

                        thanks
                        Moh

                        Also in need of this feature.

                        Currently running pound on a separate VM, but I would like to have my reverse proxy on pfSense. I suppose I could always install pound on the pfSense box, but it would be nice to be able to do multiple SSL reverse proxy configs in the GUI.
