Re: [squid-users] problems with ssl_crtd

From: Linos <info_at_linos.es>
Date: Wed, 19 Sep 2012 17:45:18 +0200

On 19/09/12 17:26, Eliezer Croitoru wrote:
> On 9/19/2012 1:44 PM, Linos wrote:
>> Hi,
>> i have been using Squid squid-3.2.0.17-20120527-r11561 in an Ubuntu Server
>> 12.04 some time with ssl-bump without problems for a year, the ca cert expired
>> some days ago and with the new ca cert i installed squid 3.2.1 stable.
>>
>> Now the proxy exists every time 10 or more users use https at the same time,
>> it's pretty strange, i have tried to downgrade to the old squid version but i
>> can't get the proxy to be stable no matter if using new or old version, i have
>> tried to recreate other cert just in case, same problem, i recreated too
>> squid_ssl_db and cache_dir, no matter what i do it keeps crashing, the cache log
>> read as this:
>>
> <SNIP>
>>
>> I am using this ssl-bump line in squid.conf:
>> http_port 3150 ssl-bump generate-host-certificates=on
>> dynamic_cert_mem_cache_size=16MB cert=/etc/squid3/ssl_cert/myCA.pem
>>
>> I generated this myCA.pem using the instructions here
>> http://wiki.squid-cache.org/Features/DynamicSslCert
>
> do you still have the old pem file?
> If it's expired ok but it should be still running but creating defective
> certificates.
I have the old pem, yes, but squid it's working fine with the new until more
than 5~6 people visit at the same time a https site, don't seems to be a problem
with a non-working certificate, i will test with the old one anyway.

>
> did you changed ownership for the directory and files?
I have checked the ownership and files many times, and recreated the directories
some times too.

> did you tried to run the command from shell to see if it works?
it works because being launch by squid works too for some time.

>
> Eliezer
>

Miguel Angel.
Received on Wed Sep 19 2012 - 15:45:25 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 20 2012 - 12:00:04 MDT