RE: [squid-users] Using trusted fake CA cert for ssl-bump on http_port

From: Sridhar N <sridhar.narasimhan_at_live.com>
Date: Mon, 9 Dec 2013 18:20:13 +0530

----------------------------------------
> From: sgangadharan_at_wavecrest.gi
> Date: Mon, 9 Dec 2013 11:55:42 +0530
>
> Hi Sridhar,
>
> I don’t see the following in your config file :
>
> sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
> sslcrtd_children 50
>
> always_direct allow all
>
>
> /var/lib/ssl_db should be owned by squid. This is where the generated
> certificates will be stored. This folder is created by using the command :
>
> ssl_crtd -c -s /var/lib/ssl_db

Thanks. I added those lines, still getting the same problem though. What else might be going on ?

root_at_ubuntu:~# squid -k parse
2013/12/09 18:17:57| Startup: Initializing Authentication Schemes ...
2013/12/09 18:17:57| Startup: Initialized Authentication Scheme 'basic'
2013/12/09 18:17:57| Startup: Initialized Authentication Scheme 'digest'
2013/12/09 18:17:57| Startup: Initialized Authentication Scheme 'negotiate'
2013/12/09 18:17:57| Startup: Initialized Authentication Scheme 'ntlm'
2013/12/09 18:17:57| Startup: Initialized Authentication.
2013/12/09 18:17:57| Processing Configuration File: /usr/local/etc/squid.conf (depth 0)
2013/12/09 18:17:57| Processing: acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
2013/12/09 18:17:57| Processing: acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
2013/12/09 18:17:57| Processing: acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
2013/12/09 18:17:57| Processing: acl localnet src fc00::/7       # RFC 4193 local private network range
2013/12/09 18:17:57| Processing: acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
2013/12/09 18:17:57| Processing: acl SSL_ports port 443
2013/12/09 18:17:57| Processing: acl Safe_ports port 80 # http
2013/12/09 18:17:57| Processing: acl Safe_ports port 21 # ftp
2013/12/09 18:17:57| Processing: acl Safe_ports port 443 # https
2013/12/09 18:17:57| Processing: acl Safe_ports port 70 # gopher
2013/12/09 18:17:57| Processing: acl Safe_ports port 210 # wais
2013/12/09 18:17:57| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2013/12/09 18:17:57| Processing: acl Safe_ports port 280 # http-mgmt
2013/12/09 18:17:57| Processing: acl Safe_ports port 488 # gss-http
2013/12/09 18:17:57| Processing: acl Safe_ports port 591 # filemaker
2013/12/09 18:17:57| Processing: acl Safe_ports port 777 # multiling http
2013/12/09 18:17:57| Processing: acl CONNECT method CONNECT
2013/12/09 18:17:57| Processing: http_access deny !Safe_ports
2013/12/09 18:17:57| Processing: http_access allow localhost manager
2013/12/09 18:17:57| Processing: http_access deny manager
2013/12/09 18:17:57| Processing: http_access allow localnet
2013/12/09 18:17:57| Processing: http_access allow localhost
2013/12/09 18:17:57| Processing: http_access allow all
2013/12/09 18:17:57| Processing: http_port 4128 ssl-bump generate-host-certificates=on cert=/etc/ssl/demoCA/CA/cacert.pem key=/etc/ssl/demoCA/CA/cacert.key
2013/12/09 18:17:57| Processing: ssl_bump server-first all
2013/12/09 18:17:57| Processing: sslcrtd_program /usr/local/libexec/ssl_crtd -s /usr/local/var/lib/ssl_db
2013/12/09 18:17:57| Processing: sslcrtd_children 5
2013/12/09 18:17:57| Processing: always_direct allow all
2013/12/09 18:17:57| Processing: coredump_dir /usr/local/var/cache/squid
2013/12/09 18:17:57| Processing: refresh_pattern ^ftp: 1440 20% 10080
2013/12/09 18:17:57| Processing: refresh_pattern ^gopher: 1440 0% 1440
2013/12/09 18:17:57| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2013/12/09 18:17:57| Processing: refresh_pattern . 0 20% 4320
2013/12/09 18:17:57| Initializing https proxy context
2013/12/09 18:17:57| Initializing http_port [::]:4128 SSL context
2013/12/09 18:17:57| Using certificate in /etc/ssl/demoCA/CA/cacert.pem
2013/12/09 18:17:57| storeDirWriteCleanLogs: Starting...
2013/12/09 18:17:57|   Finished.  Wrote 0 entries.
2013/12/09 18:17:57|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: No valid signing SSL certificate configured for http_port [::]:4128
Squid Cache (Version 3.3.10): Terminated abnormally.
CPU Usage: 0.008 seconds = 0.008 user + 0.000 sys
Maximum Resident Size: 25808 KB
Page faults with physical i/o: 0
Received on Mon Dec 09 2013 - 12:50:24 MST
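An added example, not part of this thread and not Squid's own code: a POSIX shell pre-flight check for the cert=/key= pair handed to "http_port ... ssl-bump". For ssl-bump Squid has to sign the per-host certificates that ssl_crtd generates, so the file given as cert= must be a CA certificate (basicConstraints CA:TRUE) and key= must be its private key, loadable without a passphrase. The script below tests exactly those properties with openssl(1), which it assumes is installed; check_signing_ca and make_demo_pki are names chosen for this example, and the throwaway CA and leaf certificate it builds are constructed test data, not the poster's /etc/ssl/demoCA files. It is a sanity check before the "squid -k parse" run above, not a reproduction of Squid's own validation.

```shell
#!/bin/sh
# Added example for the squid-users thread above; not Squid's own code.
# Pre-flight check for the cert=/key= pair given to "http_port ... ssl-bump".
# Assumes openssl(1) is on PATH. Function names are this example's own.

# check_signing_ca CERT KEY
# Returns 0 if CERT parses, is a CA certificate (basicConstraints CA:TRUE),
# KEY loads with an empty passphrase, and the two belong together. Otherwise
# prints the first failing check on stderr and returns a distinct code.
check_signing_ca() {
    cert=$1
    key=$2
    [ -r "$cert" ] || { echo "cert not readable: $cert" >&2; return 1; }
    [ -r "$key" ]  || { echo "key not readable: $key" >&2; return 1; }

    # 1. PEM X.509 at all?
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 \
        || { echo "not a PEM X.509 certificate: $cert" >&2; return 2; }

    # 2. CA certificate? A plain server cert cannot sign the per-host
    #    certificates that ssl_crtd generates.
    openssl x509 -in "$cert" -noout -text 2>/dev/null | grep -q 'CA:TRUE' \
        || { echo "no basicConstraints CA:TRUE in $cert" >&2; return 3; }

    # 3. Private key loadable with an empty passphrase? Squid cannot prompt.
    openssl pkey -in "$key" -noout -passin pass: >/dev/null 2>&1 \
        || { echo "key unreadable, encrypted or not PEM: $key" >&2; return 4; }

    # 4. Public key inside the cert must be the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl dgst -sha256)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] \
        || { echo "public key in $cert does not match $key" >&2; return 5; }
    return 0
}

# make_demo_pki DIR
# Constructed test data: a throwaway self-signed CA plus a leaf certificate
# signed by it. The leaf deliberately carries no basicConstraints, like the
# ordinary server certificate people sometimes point cert= at by mistake.
make_demo_pki() {
    dir=$1
    cat >"$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Test Bump CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1 || return 1
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=www.example.test" \
        -newkey rsa:2048 -nodes -keyout "$dir/leaf.key" -out "$dir/leaf.csr" \
        >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/leaf.pem" >/dev/null 2>&1 || return 1
}

# Demo: the good pair, a server cert used as CA, and a CA cert with the wrong key.
demo=$(mktemp -d) || exit 1
if make_demo_pki "$demo"; then
    for pair in "ca.pem ca.key" "leaf.pem leaf.key" "ca.pem leaf.key"; do
        set -- $pair
        if check_signing_ca "$demo/$1" "$demo/$2" 2>"$demo/why"; then
            echo "$1 + $2: OK, usable as the ssl-bump signing CA"
        else
            echo "$1 + $2: REJECTED: $(cat "$demo/why")"
        fi
    done
fi
rm -rf "$demo"
```

Run it as the user Squid drops privileges to, not as root, so the "not readable" checks reflect what the worker processes will actually see. Passing all four checks still leaves the points raised earlier in the thread: the sslcrtd_program path must exist, and the ssl_db directory it is given must have been initialised with "ssl_crtd -c -s DIR" and be owned by the squid user.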

This archive was generated by hypermail 2.2.0 : Tue Dec 10 2013 - 12:00:04 MST