[squid-dev] SSL: https_port cert option
oagvozd at gmail.com
Mon Dec 24 12:38:12 UTC 2018
Hello, I need to use my company's certificate as the signing certificate in
the 'cert' argument of the http_port/https_port options.
I can generate and use a self-signed cert as described in the Squid manuals. All works.
BUT, when I try to use my company's cert with the correct RSA private key,
an error occurs in Squid:
FATAL: FATAL: No valid signing SSL certificate configured for HTTPS_port
I've debugged some and recognized that
1. *readCertChainAndPrivateKeyFromFiles*() fails when call
Warn/Err message: "X509_check_private_key() failed to verify signing cert".
2. OpenSSL function *X509_check_private_key*(cert.get(), pkey.get()) fails
with X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH);
I've checked my cert private key with openssl util - it's OK.
Also my cert (which is set in the cert= option) is not self-signed and is issued by
another cert. The whole cert chain is 3 certificates.
I've tried to combine all 3 certs in 1 file in the correct order:
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
(Your Primary SSL certificate: your_domain_name.crt)
(Your Intermediate certificate: )
(Your Root certificate: TrustedRoot.crt)
And other combinations too: separating the private key from the cert file and giving it
in the key= option.
No success - always the same error.
1) How can I use my cert chain as the RootCA cert for signing generated servers
2) Why did such an error occur?
3) Maybe there is a requirement on such a cert that it must be self-signed?
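
Added example, not part of the original post and not Squid code: X509_check_private_key() compares the public key inside one certificate with the private key, so when it reports X509_R_KEY_VALUES_MISMATCH it helps to see which certificate in a combined PEM file the key actually belongs to. The function names, file names and certificate subjects below are constructed for illustration; only the standard openssl command-line tool is assumed.

```shell
#!/bin/sh
# Added example: function names, file names and subjects are constructed.

# Print the 1-based position of each certificate in PEM bundle $2 whose
# public key equals the public key derived from private key file $1.
find_key_cert() (
  tmp=$(mktemp -d) || exit 2
  want=$(openssl pkey -in "$1" -pubout 2>/dev/null) || { rm -rf "$tmp"; exit 2; }
  # One file per CERTIFICATE block; private key blocks in the bundle are skipped.
  n=$(awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
        on { print > (d "/c" n ".pem") }
        /-----END CERTIFICATE-----/ { on = 0 }
        END { print n + 0 }' "$2")
  i=1
  while [ "$i" -le "$n" ]; do
    have=$(openssl x509 -in "$tmp/c$i.pem" -noout -pubkey 2>/dev/null) || have=""
    [ "$have" = "$want" ] && echo "$i"
    i=$((i + 1))
  done
  rm -rf "$tmp"
  exit 0
)

# Build constructed sample data in directory $1: three certificates issued in
# sequence (root, inter, signing) and bundle.pem laid out as in the post.
make_sample() (
  cd "$1" || exit 2
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed root" \
    -keyout root.key -out root.crt 2>/dev/null || exit 2
  prev=root
  for name in inter signing; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed $name" \
      -keyout "$name.key" -out "$name.csr" 2>/dev/null || exit 2
    openssl x509 -req -in "$name.csr" -days 1 -CA "$prev.crt" -CAkey "$prev.key" \
      -CAcreateserial -out "$name.crt" 2>/dev/null || exit 2
    prev=$name
  done
  cat signing.key signing.crt inter.crt root.crt > bundle.pem
)

# Usage: sh find_key_cert.sh KEY.pem BUNDLE.pem
if [ "$#" -eq 2 ]; then find_key_cert "$1" "$2"; fi
```

Empty output means the key matches none of the certificates in the file; a position other than the one expected means the key belongs to a different certificate in the chain.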