RE: FW: [squid-users] Cert issue on reserve proxy

From: Jason Hitt <Jhitt@dont-contact.us>
Date: Tue, 5 Jun 2007 10:59:17 -0500

When I log in as root I get access denied on writing cache due to the
user account owning the directory, set it back to nobody?

cache_peer <web servers ip> parent 443 0 no-query originserver ssl
sslflags=DONT_VERIFY_PEER Login=PASS

We also have sslproxy set to no verify but not sure if that matters.

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Tuesday, June 05, 2007 10:43 AM
To: Jason Hitt
Cc: squid-users@squid-cache.org
Subject: Re: FW: [squid-users] Cert issue on reserve proxy

tis 2007-06-05 klockan 10:11 -0500 skrev Jason Hitt:
> After logging in as the effective user and setting the cache and log
ownership to this account when I launch squid I get this:
>
> commBind: Cannot bind socket FD 12 to *:443: (13) Permission denied
> FATAL: Cannot open HTTP Port

You should start Squid as root, with cache_effective_user set to the
user you want Squid to run as.

> CONNECTED(00000004)
> depth=0 /CN=<url>
> verify error:num=18:self signed certificate verify return:1 depth=0
> /CN=<url> verify return:1

> ---
> Certificate chain
> 0 s:/CN=<url>
> i:/CN=<url>

Looks good.

What do your cache_peer line look like? With self-signed certificates
you need to either disable peer certificte validation, or use the peer
certificate as an CA.

Regards
Henrik
Received on Tue Jun 05 2007 - 09:59:39 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT