[squid-users] Need help on SSL bump and certificate chain

From: Prasanna Venkateswaran <prascalls_at_gmail.com>
Date: Tue, 9 Apr 2013 21:18:50 +0530

Hi,
     I am using squid 3.3.1 to enable the dynamic certificate
generation functionality and it works fine with a self-signed
certificate. I now have an actual signed certificate and the ssl chain
is such that my certificate -> CA1 -> Root CA.

     I cleared the previous cert db directory and reinitialized it. I
then created a cert.chain file in the format mentioned below.

-----BEGIN CERTIFICATE-----
<public key of my certificate >
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
< my private key >
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<public key of CA1 >
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<public key of Root CA >
-----END CERTIFICATE-----

squid.conf:
https_port 3129 intercept generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/cert.chain ssl-bump

    But when I start squid, I get the following error.

/usr/sbin/squid start
sh: (null): not found
FATAL: No valid signing SSL certificate configured for https_port 0.0.0.0:3129
Squid Cache (Version 3.3.1): Terminated abnormally.
CPU Usage: 0.050 seconds = 0.050 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0

      I also tried with just my cert and private key without the chain
information and I get the same error there also. Am I missing
something here?

Regards,
Prasanna
Received on Tue Apr 09 2013 - 15:48:59 MDT
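
An added example, not part of the original post and not Squid code: a Python check that a combined file like the cert.chain described above contains well-formed PEM blocks in the stated order (certificate, private key, chain certificates) with base64-encoded DER bodies. The sample bundles are constructed stand-ins, and the check covers only layout and encoding; it does not test whether the key matches the certificate or what Squid itself accepts.

```python
import base64, binascii, re

# Matches one PEM block and captures its label and body.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
LAYOUT = ["CERTIFICATE", "RSA PRIVATE KEY", "CERTIFICATE", "CERTIFICATE"]  # order from the post

def pem_blocks(text):
    """Return [(label, der)] in file order; der is None if the body is not base64 DER."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except (binascii.Error, ValueError):
            der = None
        # Certificates and RSA keys are DER SEQUENCEs, so the first byte must be 0x30.
        if der is not None and not der.startswith(b"\x30"):
            der = None
        blocks.append((label, der))
    return blocks

def check_bundle(text):
    """Return (labels, problems) for a combined certificate/key/chain file."""
    blocks = pem_blocks(text)
    labels = [label for label, _ in blocks]
    problems = [f"block {i} ({label}): body is not base64-encoded DER"
                for i, (label, der) in enumerate(blocks) if der is None]
    if labels[:1] != ["CERTIFICATE"]:
        problems.append("first block is not a CERTIFICATE")
    keys = sum(label.endswith("PRIVATE KEY") for label in labels)
    if keys != 1:
        problems.append(f"expected exactly 1 private key block, found {keys}")
    return labels, problems

def build(bodies):
    """Assemble a constructed sample bundle from the given block bodies."""
    return "".join(f"-----BEGIN {l}-----\n{b}\n-----END {l}-----\n"
                   for l, b in zip(LAYOUT, bodies))

# Constructed samples: the literal placeholders, and "MAA=" (an empty DER SEQUENCE).
PLACEHOLDER_BUNDLE = build(["<public key of my certificate >", "< my private key >",
                            "<public key of CA1 >", "<public key of Root CA >"])
STAND_IN_BUNDLE = build(["MAA="] * 4)

if __name__ == "__main__":
    for name, text in [("placeholder", PLACEHOLDER_BUNDLE), ("stand-in", STAND_IN_BUNDLE)]:
        print(name, check_bundle(text))
```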

This archive was generated by hypermail 2.2.0 : Mon Apr 22 2013 - 12:00:06 MDT