Fwd: [squid-users] Problem when Squid3 calls my server certificate

From: <mortbox@dont-contact.us>
Date: Sat, 31 Jan 2004 20:49:23 -0500

I've asked to be removed countless times. Here's another message that
I didn't want. It's really not that hard to remove somebody, is it...

This is a forwarded message
From: Ben Keepper <ben@keepper.net>
To: squid-users@squid-cache.org
Date: Wednesday, January 28, 2004, 12:58:06 AM
Subject: [squid-users] Problem when Squid3 calls my server certificate

===8<==============Original message text===============
Greetings,

I get the following error when running squid -z:

2004/01/27 21:47:47| Initialising SSL.
2004/01/27 21:47:47| Using certificate in /usr/local/squid/etc/server.crt
2004/01/27 21:47:47| Using private key in /usr/local/squid/etc/server.crt
2004/01/27 21:47:47| Failed to acquire SSL private key '/usr/local/squid/etc/server.crt': error:0906D06C:PEM routines:PEM_read_bio:no start line
FATAL: Bungled squid.conf line 4: https_port 443 cert=/usr/local/squid/etc/server.crt
Squid Cache (Version 3.0-PRE3-20040125): Terminated abnormally.
CPU Usage: 0.020 seconds = 0.020 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 569
Aborted

I generated the certificate and signed it myself with the following
commands:

openssl genrsa -des3 -out server.key 1024
openssl rsa -in server.key -out server.pem
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt

My squid.conf:

visible_hostname squid.xxxx.net
cache_mgr ben@xxxxx.net

https_port 443 cert=/usr/local/squid/etc/server.crt
key=/usr/local/squid/etc/server.key
cafile=/usr/local/squid/etc/server.crt defaultsite=mail.xxxxx.net

cache_peer mail.xxxxx.net parent 443 0 no-query ssl proxy-only
originserver login=PASS sslcert=/usr/local/squid/etc/server.crt
sslkey=/usr/local/squid/etc/server.key sslflags=DONT_VERIFY_PEER

ssl_unclean_shutdown on

acl owa-exchange urlpath_regex \/exchange(\/|$)
acl owa-webid urlpath_regex \/WebID\/

acl all src 0.0.0.0/0.0.0.0
acl all-dst dst 0.0.0.0/0.0.0.0
acl owa-host dst 172.16.111.235/255.255.255.255

http_access allow 172.16.111.235 172.16.111.235
http_reply_access allow all-dst
http_access deny all
http_access deny all-dst

SSL version:
openssl-0.9.7b-4.1.92

Squid is Jan 25th Daily Build

Any help would be appreciated.

Thanks,

Ben

===8<===========End of original message text===========

-- 
Best regards,
 mortbox                            mailto:mortbox@gamebox.net
Received on Sat Jan 31 2004 - 22:07:42 MST
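
Added example, not part of the original message or of Squid: a pre-flight check that reports which PEM block types the files named on an https_port line contain. It assumes the key path falls back to the cert path when key= is not on the same physical line, as the log above shows ("Using private key in /usr/local/squid/etc/server.crt"); the PEM bodies are constructed placeholders and the location of server.pem is assumed.

```python
import re

# Matches one PEM block and captures its label and body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed placeholders (not real key material); only the headers matter here.
BODY = "Q09OU1RSVUNURUQ=\n"
CERT = "-----BEGIN CERTIFICATE-----\n" + BODY + "-----END CERTIFICATE-----\n"
PLAIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\n" + BODY + "-----END RSA PRIVATE KEY-----\n"
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n" + BODY +
           "-----END RSA PRIVATE KEY-----\n")
ETC = "/usr/local/squid/etc/"
FILES = {ETC + "server.crt": CERT,       # output of `openssl x509 -req ...`
         ETC + "server.key": ENC_KEY,    # output of `openssl genrsa -des3 ...`
         ETC + "server.pem": PLAIN_KEY}  # output of `openssl rsa ...`; path assumed

def pem_blocks(text):
    """Return [(label, is_encrypted)] for every PEM block found in text."""
    return [(label, label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body)
            for label, body in PEM_BLOCK.findall(text)]

def port_files(conf_line):
    """Read cert=/key= from ONE physical config line; key defaults to cert."""
    opts = dict(tok.split("=", 1) for tok in conf_line.split() if "=" in tok)
    cert = opts.get("cert")
    return cert, opts.get("key", cert)

def check(conf_line, files=FILES):
    """Return a list of findings for the cert and key files the line selects."""
    cert, key = port_files(conf_line)
    findings = []
    if not any(l == "CERTIFICATE" for l, _ in pem_blocks(files.get(cert, ""))):
        findings.append(f"{cert}: no CERTIFICATE block")
    keys = [(l, e) for l, e in pem_blocks(files.get(key, "")) if l.endswith("PRIVATE KEY")]
    if not keys:
        findings.append(f"{key}: no PRIVATE KEY block (PEM 'no start line')")
    elif any(e for _, e in keys):
        findings.append(f"{key}: private key is passphrase-protected")
    return findings

if __name__ == "__main__":
    base = "https_port 443 cert=" + ETC + "server.crt"
    for line in (base, base + " key=" + ETC + "server.key",
                 base + " key=" + ETC + "server.pem"):
        print(line, "->", check(line) or "ok")
```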
