<div dir="ltr"><div dir="ltr"><div>Hello, I need to use my company's certificate as the signing certificate in the 'cert' argument of the http_port/https_port options.</div><div><br></div><div>I can generate and use a self-signed cert as described in the Squid manuals. All works fine.</div><div><br></div><div>BUT, when I try to use my company's cert with the correct RSA private key, an error occurs in Squid:</div><div>FATAL:
FATAL: No valid signing SSL certificate configured for HTTPS_port <a href="http://192.168.1.1:3128" target="_blank">192.168.1.1:3128</a> <br></div><div><br></div><div>I've debugged a bit and recognized that</div><br>1. <b>readCertChainAndPrivateKeyFromFiles</b>() fails when it calls X509_check_private_key(cert.get(), pkey.get()):<br>Warn/Err message: "X509_check_private_key() failed to verify signing cert".<br><br>2. The OpenSSL function <b>X509_check_private_key</b>(cert.get(), pkey.get()) fails with X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH);<br></div><div dir="ltr"><br></div><div>I've checked my cert's private key with the openssl util - it's OK.</div><div><br></div><div>Also, my cert (which is set in the cert= option) is not self-signed and is issued by another cert. The whole cert chain is 3 certificates.</div><div><br></div><div dir="ltr">I've tried to combine all 3 certs in 1 file in the correct order:</div><div dir="ltr"></div><div dir="ltr">
<p>
<span style="color:gray">-----BEGIN RSA PRIVATE KEY-----
<br>
(Your Private Key: your_domain_name.key)
<br>
-----END RSA PRIVATE KEY-----
</span>
<br>
<span style="color:rgb(255,102,0)">-----BEGIN CERTIFICATE-----
<br>
(Your Primary SSL certificate: your_domain_name.crt)
<br>
-----END CERTIFICATE-----
</span>
<br>
<span style="color:rgb(51,153,0)">-----BEGIN CERTIFICATE-----
<br>
(Your Intermediate certificate: )
<br>
-----END CERTIFICATE-----
</span>
<br>
<span style="color:rgb(51,102,153)">-----BEGIN CERTIFICATE-----
<br>
(Your Root certificate: TrustedRoot.crt)
<br>
-----END CERTIFICATE-----
</span>
</p>
</div><div dir="ltr"><br></div><div>And other combinations too: separating the private key from the cert file and giving it in the key= option.</div><div><br></div><div>No success - always the same error.</div><div><br></div><div>So, questions:<br></div><div>1) How can I use my cert chain as the RootCA cert for signing generated server certificates?</div><div>2) Why did such an error occur?</div><div>3) Maybe there is a requirement on such a cert that it must be self-signed?</div><div><br></div><div></div><div>Thanks.<br></div><div><br></div><div><br></div><div dir="ltr"><br><br></div></div>
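Added example, not part of the original post and not Squid's own code: X509_check_private_key() compares the public key inside the certificate with the one belonging to the private key, so the same comparison can be reproduced with the openssl command line against every certificate in a PEM bundle. The helper names `find_matching_cert` and `make_samples` and all file names are assumptions, and the sample keys and certificates are constructed.

```shell
#!/bin/sh
# Added example: report which certificate in a PEM bundle carries the public
# key that belongs to a given private key (the comparison that
# X509_check_private_key() performs for a single cert/key pair).

# Print the 1-based position of the matching certificate.
# Returns 1 if no certificate matches, 2 if the key cannot be read.
find_matching_cert() {   # usage: find_matching_cert KEY.pem BUNDLE.pem
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    [ -n "$key_pub" ] || return 2
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per CERTIFICATE block; other PEM types are skipped.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++; on=1}
         on {print > (d "/cert" n ".pem")}
         /-----END CERTIFICATE-----/ {on=0}' "$2"
    i=1; found=""
    while [ -f "$tmp/cert$i.pem" ]; do
        # Both commands emit the same PEM SubjectPublicKeyInfo when the keys match.
        cert_pub=$(openssl x509 -in "$tmp/cert$i.pem" -noout -pubkey 2>/dev/null)
        if [ "$cert_pub" = "$key_pub" ]; then found=$i; break; fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    [ -n "$found" ] || return 1
    echo "$found"
}

# Constructed sample material: two unrelated self-signed certificates with keys.
make_samples() {   # usage: make_samples DIR
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/$n.key" \
            -out "$1/$n.crt" -subj "/CN=constructed-$n" -days 1 2>/dev/null || return 1
    done
    # The certificate that matches a.key is deliberately placed second.
    cat "$1/b.crt" "$1/a.crt" > "$1/bundle.pem"
}

# Demo on the constructed samples.
d=$(mktemp -d)
make_samples "$d" && \
    echo "a.key matches certificate #$(find_matching_cert "$d/a.key" "$d/bundle.pem") in bundle.pem"
rm -rf "$d"
```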