Re: ssl branch compile problems

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 11 Feb 2001 20:39:27 +0100

How to create a self-signed certificate:

openssl req -new -nodes -x509 -out filename.pem -keyout filename.pem

Make sure that the "CN/Common Name" is set to your official server name.

Or reuse the certificate you have for your Apache server. An SSL
certificate is for a certain host/domain name, not a specific service on
that host.

I will look into cleaning up the accelerator options. Noticed some
inconsistencies in how the SSL patch handled Host headers and port
numbers and protocol names.

--
Henrik Nordstrom

Henk-Jan Kloosterman wrote:
> 
> OK Got it working (forced the /etc/httpd/conf/key* directories to be owned
> by the squid users)
> 
> To do for me:
> Prevent apache from using the https port (got squid-ssl on port 80 now)
> Find out how to make my own certificates owned by squid.
> 
> I will keep you posted.
> 
> ----- Original Message -----
> From: "Henrik Nordstrom" <hno@hem.passagen.se>
> To: "Henk-Jan Kloosterman" <proxy@kloosterman.org>
> Cc: <squid-dev@squid-cache.org>
> Sent: Sunday, February 11, 2001 3:25 PM
> Subject: Re: ssl branch compile problems
> 
> > This is not the same error. Now it finds the file but cannot read it. I
> > think Squid reads the SSL certificate as cache_effective_user, not root.
> >
> > Previously it failed to even find the file (presumably because there
> > was none specified).
> >
> > Please also see your cache.log file. It contains more details than the
> > syslog messages.
> >
> > /Henrik
> >
> >
> > Henk-Jan Kloosterman wrote:
> > >
> > > With the options set you mentioned I get the same errors:
> > > (just got the latest from cvs)
> > >
> > > from /var/log/messages :
> > >
> > > Feb 11 15:13:06 mis2 squid[27383]: Squid Parent: child process 27386 started
> > > Feb 11 15:13:06 mis2 (squid): Failed to acquire SSL certificate:
> > > error:0200100D:system library:fopen:Permission denied
Received on Sun Feb 11 2001 - 12:42:47 MST
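
Added example, not part of the original messages and not Squid code: a Python check for the failure discussed in this thread, where the certificate file is opened as cache_effective_user rather than root and fopen fails with "Permission denied". It assumes classic Unix mode bits only (no ACLs or SELinux); Node, stat_chain, allowed, first_blocker and key_world_readable are names invented here.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result so the logic also runs on constructed data.
Node = namedtuple("Node", "path st_mode st_uid st_gid")

def stat_chain(path):
    """Return a Node for every component from / down to the file itself."""
    parts = [os.path.realpath(path)]
    while os.path.dirname(parts[-1]) != parts[-1]:
        parts.append(os.path.dirname(parts[-1]))
    chain = []
    for p in reversed(parts):
        st = os.stat(p)
        chain.append(Node(p, st.st_mode, st.st_uid, st.st_gid))
    return chain

def allowed(node, uid, gids, want):
    """Owner/group/other check; want is 4 (read) or 1 (directory search)."""
    if uid == 0:
        return True                    # root bypasses the mode bits
    if uid == node.st_uid:
        bits = node.st_mode >> 6       # owner class applies even when stricter
    elif node.st_gid in gids:
        bits = node.st_mode >> 3
    else:
        bits = node.st_mode
    return bool(bits & want)

def first_blocker(chain, uid, gids):
    """Path of the first component that stops uid reading the file, or None."""
    for node in chain[:-1]:
        if not allowed(node, uid, gids, 1):   # search (x) needed on each directory
            return node.path
    return None if allowed(chain[-1], uid, gids, 4) else chain[-1].path

def key_world_readable(chain):
    """True if the file holding the private key is readable by every local user."""
    return bool(chain[-1].st_mode & stat.S_IROTH)
```

Pass the result of stat_chain() on the real certificate path together with the uid and group ids of the cache_effective_user account; a directory in the result means the search bit is missing there, not on the file.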