<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">Hi,</div><div class=""><br class=""></div><div class="">I had a similar issue using the wordpress-varnish plugin and our large multi-site install. I had to completely re-write the code to use curl as opposed to fsockopen, but for the certificate issue I used the curl option to ignore certificate errors. You may be able to simply add a line to the plugin code. We were able to do this since we had security in place that wouldn’t allow BAN from any other systems. </div><div class=""><br class=""></div><div class="">Jason</div>
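<div class=""><br class=""></div><div class="">An added example, not part of the original thread and not Jason's actual configuration: one way to enforce the restriction he describes, where BAN and PURGE are refused from every system except the WordPress host itself. The ACL name <code>purgers</code> and the backend address and port are assumptions chosen for illustration.</div>
<pre class="">
```vcl
vcl 4.0;

# Assumption: Apache listens on loopback port 8080 behind Varnish.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Hypothetical ACL name. Only the local WordPress host may invalidate
# cache content.
acl purgers {
    "localhost";
    "127.0.0.1";
    "::1";
}

sub vcl_recv {
    if (req.method == "PURGE" || req.method == "BAN") {
        # Requests that come in through the load balancer do not
        # originate from loopback, so they fail this check.
        if (!client.ip ~ purgers) {
            return (synth(405, "Not allowed"));
        }
        if (req.method == "BAN") {
            # Invalidate every cached object for this host whose URL
            # matches the requested pattern.
            ban("req.http.host == " + req.http.host +
                " && req.url ~ " + req.url);
            return (synth(200, "Ban added"));
        }
        # PURGE removes the single object for this exact URL and host.
        return (purge);
    }
}
```
</pre>
<div class="">With this in place the plugin can send its invalidation requests to Varnish on the loopback address over plain HTTP, so no certificate is involved in the purge path and verification does not need to be switched off.</div>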
<div><br class=""><blockquote type="cite" class=""><div class="">On Nov 3, 2017, at 4:28 AM, Guillaume Quintard &lt;<a href="mailto:guillaume@varnish-software.com" class="">guillaume@varnish-software.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">To answer the HTTPS question, client-side HTTPS is easily done using hitch (<a href="http://hitch-tls.org/" target="_blank" class="">hitch-tls.org</a>); for the backend side, you would need Varnish Plus.<div class=""><br class=""></div><div class="">But you are saying Amazon provides the certificates, so my guess is that the LB does the termination and requests arrive unencrypted to Varnish.</div><div class=""><br class=""></div><div class="">For the curl error, does the host used match the certificate?</div></div><div class="gmail_extra"><br clear="all" class=""><div class=""><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr" class=""><div class="">-- <br class=""></div>Guillaume Quintard<br class=""></div></div></div>
<br class=""><div class="gmail_quote">On Fri, Nov 3, 2017 at 9:18 AM, Luca Gervasi <span dir="ltr" class="">&lt;<a href="mailto:luca.gervasi@gmail.com" target="_blank" class="">luca.gervasi@gmail.com</a>&gt;</span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">Hi,<div class="">This is totally unrelated to Varnish. If you want to achieve purging, you can safely stay on HTTP and purge locally (if you are using a load balancer in front of your delivery, you either have just one Varnish - hence purge locally - or your purges are inconsistently distributed among all your caches).</div><div class=""><br class=""></div><div class="">Bye</div></div><br class=""><div class="gmail_quote"><div class=""><div class="h5"><div dir="ltr" class="">On Fri, 3 Nov 2017 at 08:31 Navneet Kashyap &lt;<a href="mailto:navneet.kashyap@webners.com" target="_blank" class="">navneet.kashyap@webners.com</a>&gt; wrote:<br class=""></div></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""><div class="h5"><div dir="ltr" class="">Hi <br class=""><div class="gmail_extra"><br class=""></div><div class="gmail_extra">I was using varnish-cache (open source) for my WordPress website. It was running well when it was on HTTP only, but when I turn it to HTTPS it's giving me an error message when testing status using the plugin in WordPress, i.e.<strong class=""> </strong><strong style="font-weight: 600; display: block; margin-bottom: 0.2em; font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: nowrap; word-spacing: 0px;" class="">Varnish HTTP Purge</strong></div><div class="gmail_extra"><span 
style="color:rgb(85,85,85);font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,Oxygen-Sans,Ubuntu,Cantarell,'Helvetica Neue',sans-serif;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;display:inline;float:none" class="">Error: This request cannot be performed: cURL error 60: Issuer certificate is invalid.</span></div><div class="gmail_extra"><div class=""><div class="m_3882973277326529633m_-352215337937240982gmail_signature"><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div class=""><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class=""><br class=""></font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class="">please check the screenshot also.</font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class=""><span id="cid:ii_15f80c76520a2816">&lt;image.png&gt;</span><br class=""></font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class=""><br class=""></font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class="">Currently the flow is like this:</font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class="">client--> HTTPS request--> AWS load balancer --> Varnish--> apache2.</font></span></div><div class=""><span style="" class=""><font 
style="background-color:rgb(255,255,255)" size="2" class=""><br class=""></font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class="">We are using self-signed certs for backend authentication settings in AWS-load balancer, and using AMAZON provided CA-certs (using certificate manager).</font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class=""><br class=""></font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class=""> Note: Is this possible in varnish-cache software (open-Source), or else do we have to buy varnish-cache plus software (Paid Version), or do we have to buy CA-certs for that domain?<br class=""></font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class=""><br class=""></font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class="">Kindly guide us.</font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class=""><br class=""></font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class=""><br class=""></font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class="">Thanks and Regards<br class=""><br class=""></font></span><font color="#888888" class=""><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class="">Navneet Kashyap<br class=""></font></span></div><div class=""><span style="" class=""><font style="background-color:rgb(255,255,255)" size="2" class="">Sr. System Administrator - Webner Solutions Pvt. 
Ltd.</font></span></div><div class=""><span style="" class=""><font size="2" class="">Web - <a href="http://www.webners.com/" target="_blank" class="">www.webnersolutions.com</a></font></span></div><div class=""><a href="http://www.webnersolutions.com/" target="_blank" class=""><img src="http://www.webnersolutions.com/wp-content/uploads/2014/09/webners-logo-1.png" alt="Zoho Development, Salesforce Development, Web and Mobile App Development" height="65" width="175" class=""></a></div></font></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br class=""></div></div></div></div>
______________________________<wbr class="">_________________<br class="">
varnish-misc mailing list<br class="">
<a href="mailto:varnish-misc@varnish-cache.org" target="_blank" class="">varnish-misc@varnish-cache.org</a><br class="">
<a href="https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc" rel="noreferrer" target="_blank" class="">https://www.varnish-cache.org/<wbr class="">lists/mailman/listinfo/<wbr class="">varnish-misc</a></blockquote></div>
</blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></body></html>