Re: [squid-users] multiple ssl certificates

From: Jan Legenhausen <jleg@dont-contact.us>
Date: Wed, 09 Jul 2003 15:38:11 +0200

--On Wednesday, 9 July 2003 13:47 +0200 Henrik Nordstrom
<hno@squid-cache.org> wrote:

> Wed 2003-07-09 at 10.41, Jan Legenhausen wrote:
>> Hi,
>>
>> Though I found a mail from Henrik (dated Wed Apr 18 2001) talking about
>> using multiple certificates on a https_port, I was not able to figure out
>> how this could be achieved using squid-2.5.STABLE2.
>
> This is technically impossible, not a limitation of Squid.
>
> You can only have a single server certificate per ip:port combination.
> The server certificate exchange is one of the very first things that
> happen, long before the client transmits the request and thus long
> before it can be determined which domain name the client has requested.
>
> https:// is the protocol chain HTTP/SSL/TCP/IP, and as you can see SSL
> runs below HTTP and does not have knowledge of the HTTP content. It just
> encrypts/decrypts the http data.

Thanks for this quick & profound answer! I was a bit confused, 'cause I
*thought* some webserver (IIS?) could handle multiple certs on one IP - but
your explanation sounds logical....
So the solution here might be using a wildcard cert... (if it's the same
SLD).

regards, Jan

>
> Regards
> Henrik
>
> --
Received on Wed Jul 09 2003 - 07:34:09 MDT
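
Added example, not part of the original thread: because the certificate is sent before the requested host name is known, a single certificate on one ip:port has to cover every virtual host behind it, which is what the wildcard suggestion relies on. The Python sketch below applies the usual matching rule (`*` stands for exactly one leftmost label) to a list of hosts; the function names and hostnames are constructed for illustration.

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """True if a certificate name (exact, or '*' as the whole leftmost
    label) covers hostname. Partial-label wildcards are not handled."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans several labels, so label counts must agree.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.com' is rejected.
        if len(p) < 3:
            return False
        return p[1:] == h[1:]
    return p == h


def uncovered_hosts(cert_names, hostnames):
    """Return the hostnames that none of the certificate's names cover."""
    return [h for h in hostnames
            if not any(wildcard_matches(n, h) for n in cert_names)]


# Constructed sample: virtual hosts served from one https_port.
VHOSTS = [
    "www.example.com",
    "mail.example.com",
    "example.com",        # bare domain: not matched by '*.example.com'
    "a.b.example.com",    # two labels deep: not matched either
    "www.example.org",    # different second-level domain
]

if __name__ == "__main__":
    for names in (["*.example.com"], ["*.example.com", "example.com"]):
        print(names, "leaves uncovered:", uncovered_hosts(names, VHOSTS))
```

Any host the function reports as uncovered would produce a name-mismatch warning in the client if served from the same ip:port with that certificate.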
