Hey Guy,
Thanks for the direction. But i was able to figure it out. It was a
problem with ssl_db directory permissions not set correctly due to
which ssl_crtd programs were unable to write to it. They would then
terminate and return a NULL to squid. Upon seeing that all the
ssl_crtd children were dying, squid decided to shut it self also.
Regards,
-talha
On Thu, May 3, 2012 at 10:05 PM, Guy Helmer
<guy.helmer_at_palisadesystems.com> wrote:
>
> On May 3, 2012, at 5:05 AM, Ahmed Talha Khan wrote:
>
>> Hey all,
>> I am using squid 3.2.17 to generate dynamic certificates in my proxy
>> setup. The certificate generation programs are crashing instantly when
>> a generation request goes to them on opening an https page. My machine
>> is RHEL 5 (kernel 2.6.18-194) x86_64.
>>
>>
>> Here is my squid conf:
>>
>>
>> http_port 192.168.8.40:3128 ssl-bump generate-host-certificates=on
>> dynamic_cert_mem_cache_size=4MB
>> cert=/home/talha/squid/www.sample.com.pem
>> key=/home/talha/squid/www.sample.com.pem
>>
>
> What are your ssl_crtd settings? They should be something like this:
>
> sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/log/squid/ssl_db -M 4MB
> sslcrtd_children 32 startup=5 idle=1
>
> depending on the path for the ssl_crtd executable and the directory you want ssl_crtd to use to store the cached certs and metadata.
>
> Hope this helps,
> Guy
>
> --------
> This message has been scanned by ComplianceSafe, powered by Palisade's PacketSure.
-- Regards, -Ahmed Talha KhanReceived on Thu May 03 2012 - 18:36:36 MDT
This archive was generated by hypermail 2.2.0 : Fri May 04 2012 - 12:00:02 MDT