Re: [squid-users] FATAL: No valid signing SSL certificate configured for https_port

From: John Gardner <jeg1972_at_gmail.com>
Date: Tue, 1 Jul 2014 19:25:35 +0100

Eliezer

I have now re-created the SSL certificates by creating the CSR,
sending it to the CA and getting the new certificate back.
Unfortunately, I'm still getting the same error:

2014/07/01 19:14:47| Startup: Initializing Authentication Schemes ...
2014/07/01 19:14:47| Startup: Initialized Authentication Scheme 'basic'
2014/07/01 19:14:47| Startup: Initialized Authentication Scheme 'digest'
2014/07/01 19:14:47| Startup: Initialized Authentication Scheme 'negotiate'
2014/07/01 19:14:47| Startup: Initialized Authentication Scheme 'ntlm'
2014/07/01 19:14:47| Startup: Initialized Authentication.
2014/07/01 19:14:47| Processing Configuration File:
/etc/squid/squid.conf (depth 0)
2014/07/01 19:14:47| Processing: hosts_file /etc/hosts
2014/07/01 19:14:47| Processing: http_port X.X.X.90:80 accel
defaultsite=domain.local
2014/07/01 19:14:47| Processing: http_port X.X.X.95:80 accel
defaultsite=server_1.bbbb.co.uk
2014/07/01 19:14:47| Processing: https_port X.X.X.95:443 accel
cert=/usr/newrprgate/CertAuth/www_domain_info/14735441.crt
key=/usr/newrprgate/CertAuth/www_domain_info/domain_info_key.pem
defaultsite=server_1.bbbb.co.uk
2014/07/01 19:14:47| Processing: cache_peer X.X.125.205 parent 8025 0
no-query originserver name=server_1
2014/07/01 19:14:47| Processing: acl sites_server_1 dstdomain www.domain.info
2014/07/01 19:14:47| Processing: cache_peer_access server_1 allow sites_server_1
2014/07/01 19:14:47| Processing: cache_peer_access server_1 deny all
2014/07/01 19:14:47| Processing: http_port X.X.X.96:80 accel
defaultsite=server_2.bbbb.co.uk
2014/07/01 19:14:47| Processing: cache_peer X.X.125.2X parent 8026 0
no-query originserver name=server_2_http
2014/07/01 19:14:47| Processing: cache_peer X.X.125.2X parent 8061 0
no-query originserver ssl sslflags=DONT_VERIFY_PEER
name=server_2_https
2014/07/01 19:14:47| Processing: acl sites_server_2 dstdomain
www.domainhomes.org.uk
2014/07/01 19:14:47| Processing: cache_peer_access server_2_http allow
sites_server_2
2014/07/01 19:14:47| Processing: cache_peer_access server_2_https
allow sites_server_2
2014/07/01 19:14:47| Processing: cache_peer_access server_2_http deny all
2014/07/01 19:14:47| Processing: cache_peer_access server_2_https deny all
2014/07/01 19:14:47| Processing: http_port X.X.X.97:80 accel
defaultsite=server_3.bbbb.co.uk
2014/07/01 19:14:47| Processing: cache_peer X.X.125.205 parent 8025 0
no-query originserver name=server_3_http
2014/07/01 19:14:47| Processing: cache_peer X.X.125.205 parent 8061 0
no-query originserver ssl sslflags=DONT_VERIFY_PEER
name=server_3_https
2014/07/01 19:14:47| Processing: acl sites_server_3 dstdomain www.domain2.info
2014/07/01 19:14:47| Processing: cache_peer_access server_3_http allow
sites_server_3
2014/07/01 19:14:47| Processing: cache_peer_access server_3_https
allow sites_server_3
2014/07/01 19:14:47| Processing: cache_peer_access server_3_http deny all
2014/07/01 19:14:47| Processing: cache_peer_access server_3_https deny all
2014/07/01 19:14:47| Processing: acl localnet src X.0.0.0/8 # RFCX8
possible internal network
2014/07/01 19:14:47| Processing: acl localnet src 172.X.0.0/12 # RFCX8
possible internal network
2014/07/01 19:14:47| Processing: acl localnet src 192.X8.0.0/X
# RFCX8 possible internal network
2014/07/01 19:14:47| Processing: acl localnet src fc00::/7 # RFC
4193 local private network range
2014/07/01 19:14:47| aclIpParseIpData: IPv6 has not been enabled.
2014/07/01 19:14:47| Processing: acl localnet src fe80::/X # RFC
4291 link-local (directly plugged) machines
2014/07/01 19:14:47| aclIpParseIpData: IPv6 has not been enabled.
2014/07/01 19:14:47| Processing: acl SSL_ports port 443
2014/07/01 19:14:47| Processing: acl Safe_ports port 80 # http
2014/07/01 19:14:47| Processing: acl Safe_ports port 21 # ftp
2014/07/01 19:14:47| Processing: acl Safe_ports port 443 # https
2014/07/01 19:14:47| Processing: acl Safe_ports port 70 # gopher
2014/07/01 19:14:47| Processing: acl Safe_ports port 2X # wais
2014/07/01 19:14:47| Processing: acl Safe_ports port X25-65535 #
unregistered ports
2014/07/01 19:14:47| Processing: acl Safe_ports port 280
 # http-mgmt
2014/07/01 19:14:47| Processing: acl Safe_ports port 488
 # gss-http
2014/07/01 19:14:47| Processing: acl Safe_ports port 591
 # filemaker
2014/07/01 19:14:47| Processing: acl Safe_ports port 777
 # multiling http
2014/07/01 19:14:47| Processing: acl CONNECT method CONNECT
2014/07/01 19:14:47| Processing: http_access deny !Safe_ports
2014/07/01 19:14:47| Processing: http_access deny CONNECT !SSL_ports
2014/07/01 19:14:47| Processing: http_access allow localhost manager
2014/07/01 19:14:47| Processing: http_access deny manager
2014/07/01 19:14:47| Processing: acl all_internet src all
2014/07/01 19:14:47| Processing: http_access allow tte_network
2014/07/01 19:14:47| Processing: http_access allow ltdc_network
2014/07/01 19:14:47| Processing: http_access allow lldc_network
2014/07/01 19:14:47| Processing: http_access allow fot_network
2014/07/01 19:14:47| Processing: http_access allow sth_network
2014/07/01 19:14:47| Processing: http_access allow dmz_network
2014/07/01 19:14:47| Processing: http_access allow all_internet
2014/07/01 19:14:47| Processing: http_access allow localnet
2014/07/01 19:14:47| Processing: http_access allow localhost
2014/07/01 19:14:47| Processing: http_access deny all
2014/07/01 19:14:47| Processing: http_port 8080
2014/07/01 19:14:47| Processing: coredump_dir /var/spool/squid
2014/07/01 19:14:47| Processing: refresh_pattern ^ftp: 1440
 20% X080
2014/07/01 19:14:47| Processing: refresh_pattern ^gopher: 1440
 0% 1440
2014/07/01 19:14:47| Processing: refresh_pattern -i (/cgi-bin/|\?) 0
 0% 0
2014/07/01 19:14:47| Processing: refresh_pattern . 0
 20% 4320
2014/07/01 19:14:47| Processing: access_log
stdio:/var/log/squid/access_common.log common
2014/07/01 19:14:47| Processing: httpd_suppress_version_string on
2014/07/01 19:14:47| Processing: visible_hostname host.bbbb.co.uk
2014/07/01 19:14:47| Initializing https proxy context
2014/07/01 19:14:47| Initializing cache_peer server_2_https SSL context
2014/07/01 19:14:47| Initializing cache_peer server_3_https SSL context
2014/07/01 19:14:47| Initializing https_port X.X.X.95:443 SSL context
2014/07/01 19:14:47| Using certificate in
/usr/newrprgate/CertAuth/www_domain_info/14735441.crt
2014/07/01 19:14:47| storeDirWriteCleanLogs: Starting...
2014/07/01 19:14:47| Finished. Wrote 0 entries.
2014/07/01 19:14:47| Took 0.00 seconds ( 0.00 entries/sec).
FATAL: No valid signing SSL certificate configured for https_port X.X.X.95:443
Squid Cache (Version 3.4.3): Terminated abnormally.
CPU Usage: 0.064 seconds = 0.051 user + 0.013 sys
Maximum Resident Size: 32032 KB
Page faults with physical i/o: 0

I think I might try the Oracle 6.5 repo version Squid 3.1 RPM which
comes with the distro first, before I start compiling a new version of
Squid.

John

On 30 June 2014 12:14, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
> I would say +1 for binary search..
> Remove all specials and make it:
>
> https_port 10.x.x.95:443 accel
> cert=/usr/newrprgate/CertAuth/cert/cert.crt
> key=/usr/newrprgate/CertAuth/cert/key.pem defaultsite=server_1.uk
>
> Which will minimize it to working settings which work on every Linux
> version with any OpenSSL library I know of.
>
> If it won't work I will verify that the certificates are in the right format
> and if not convert them to the right format..
>
> Otherwise, compile it from src on this or a similar machine and find
> out if you have the same issue with a self-signed certificate.
>
> I have not tested it yet on my build node but unless something is really odd
> it should work with no issues.
>
> Eliezer
>
>
> On 06/30/2014 02:07 PM, John Gardner wrote:
>>
>> Eliezer
>>
>> The line that was working but is now causing problems is;
>>
>>
>> https_port 10.x.x.95:443 accel
>> cert=/usr/newrprgate/CertAuth/cert/cert.crt
>> key=/usr/newrprgate/CertAuth/cert/key.pem
>> cipher=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>> options=NO_SSLv2 defaultsite=server_1.uk
>>
>> John
>
>
Received on Tue Jul 01 2014 - 18:25:48 MDT
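
Added example (not part of the thread and not Squid's own code): a Python pre-flight for the format check Eliezer suggests, run against the files named in cert= and key= before starting Squid. It assumes both files must be unencrypted PEM; `classify` and `preflight` are hypothetical names, and the final step relies on Python's ssl module, which loads the pair through OpenSSL and rejects a key that does not match the certificate.

```python
import ssl

# PEM armour labels mapped to what the file really contains (assumed mapping
# for this example; a CA reply is often a PKCS#7 bundle or DER, not PEM).
PEM_KINDS = {
    b"CERTIFICATE": "pem-certificate",
    b"CERTIFICATE REQUEST": "csr",
    b"NEW CERTIFICATE REQUEST": "csr",
    b"PKCS7": "pkcs7-bundle",
    b"PRIVATE KEY": "pem-key",
    b"RSA PRIVATE KEY": "pem-key",
    b"EC PRIVATE KEY": "pem-key",
    b"ENCRYPTED PRIVATE KEY": "encrypted-key",
}

def classify(data: bytes) -> str:
    """Identify a certificate or key file from its content."""
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag: binary DER, not PEM
        return "der"
    for line in data.splitlines():
        line = line.strip()
        if line.startswith(b"-----BEGIN ") and line.endswith(b"-----"):
            kind = PEM_KINDS.get(line[11:-5], "unknown-pem")
            # Legacy encrypted keys keep the plain label plus a Proc-Type header.
            if kind == "pem-key" and b"Proc-Type: 4,ENCRYPTED" in data:
                return "encrypted-key"
            return kind
    return "unknown"

def preflight(cert_path: str, key_path: str) -> list:
    """Return a list of problems; an empty list means OpenSSL accepts the pair."""
    problems = []
    for role, path, want in (("cert", cert_path, "pem-certificate"),
                             ("key", key_path, "pem-key")):
        try:
            with open(path, "rb") as fh:
                kind = classify(fh.read())
        except OSError as exc:
            problems.append(f"{role}: cannot read {path}: {exc.strerror}")
            continue
        if kind != want:
            problems.append(f"{role}: {path} is {kind}, expected {want}")
    if problems:
        return problems
    try:
        # Parses both files and checks that the private key matches the cert.
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert_path, key_path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        problems.append(f"pair: OpenSSL rejected cert/key: {exc}")
    return problems
```

Run it as the user Squid runs as, so that unreadable files are reported too.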
