Re: [Fwd: [squid-users] SSL tunneling]

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 10 May 2002 22:46:50 +0100

A RSA key isn't sufficient. You also need a certificate (a digital
signature of the public key, signing that the key belongs to your
domain).

The following is the OpenSSL command for generating a self-signed
certificate with a matching un-encrypted RSA key:

openssl req -new -x509 -nodes -keyout test_key.pem -out test_cert.pem

For more information, see the OpenSSL documentation.

Regards
Henrik

On Friday 10 May 2002 16:11, Simone Crider wrote:
> Hello Henrik,
>
> Our Zope Web Developer forwarded to me your SSL tunneling response
> to Turgut Kalfaoglu, that was posted to the squid-users group. We
> are having a similar problem.
>
>
> I'm a newbie at SSL & am attempting to generate a unencrypted key,
>
>
> # openssl genrsa -out server.key 1024
>
> # openssl rsa -in server.key -out server.pem
>
>
> I'm still getting the failed error when starting squid,
>
> 2002/05/09 15:04:21| Using certificate in
> /usr/local/squid/ssl/server.pem
> FATAL: Failed to acquire SSL certificate: error:0906D06C:PEM
> routines:PEM_read_bio:no start line
>
> Our squid config looks as follows,
>
> https_port 192.168.1.20:443 key=/usr/local/squid/ssl/server.pem
>
> We too are using squid-2.5.PRE5.
>
> Any advice that you could offer, would be greatly appreciated!
>
> Thank you,
>
> Simone Crider
>
> > Subject: Re: [squid-users] SSL tunneling
> > Date: Thu, 9 May 2002 11:18:42 +0200
> > From: "Squid Support (Henrik Nordstrom)" <hno@marasystems.com>
> > Organization: MARA Systems AB
> > To: Turgut Kalfaoglu <turgut@egenet.com.tr>,
> > squid-users@squid-cache.org References:
> > <5.1.1.2.2.20020509114430.00b9c7f0@mail.egenet.com.tr>
> >
> > There isn't any STABLE version with SSL, you seem to be using the
> > Squid-2.5 PRE release.
> >
> > Your SSL key need to either be unencrypted, or you need to start
> > Squid with the -N option to allow SSL to ask for the key
> > password.
> >
> > Regards
> > Henrik
> >
> > On Thursday 09 May 2002 10:47, Turgut Kalfaoglu wrote:
> > > Hi there. I am trying to our Squid (latest stable version) to
> > > work with SSL. I have created the necessary certificates and
> > > configured the http_port parameter
> > > correctly, specifying both the certificate file and its private
> > > key file properly.
> > > However, Upon startup, Squid always complains that:
> > > FATAL: Failed to acquire SSL private key: error 0906406D: PEM
> > > Routines: DEF_CALLBACK: problems getting password.
> > >
> > > Hence it quits at that point. I have the latest SSLEAY
> > > installed as well, and ' make test' option of it shows that it
> > > is installed properly?
> > >
> > > I am pretty sure I am using the correct key file, but for some
> > > reason, it is unable to read it.
> > >
> > > Help :)
> > > -turgut
> > > -------------
> > > Turgut Kalfaoglu www.kalfaoglu.com
> > > EgeNet Internet Servisleri www.egenet.com.tr
> >
> > --
> > MARA Systems AB, Giving you basic free Squid support
> > Your source of advanced web reverse proxying solutions
> > http://www.marasystems.com/producs/
Received on Fri May 10 2002 - 16:01:22 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:04 MST