[squid-users] 3.5.6: need help: FATAL: No valid signing SSL certificate but openssl verify is OK
David Touzeau
david at articatech.com
Mon Jul 27 00:06:14 UTC 2015
Dear
My certificate and my own Root CA's that are already installed on all
computers and need to use it in Squid.
using
The Certificate :
--------------------------------------------------------------------------------------------------
openssl x509 -subject -issuer -enddate -noout -in certificate.pem
subject= /C=FR/ST=Ile de France/L=Paris/O=My Company/OU=IT
service/CN=proxyweb.domain.tld
issuer= /CN=ACTISSIA-CA
notAfter=Jul 8 12:32:53 2016 GMT
The Root CA
--------------------------------------------------------------------------------------------------
openssl x509 -subject -issuer -enddate -noout -in /etc/squid3/Cafile.ca
subject= /CN=ACTISSIA-CA
issuer= /CN=ACTISSIA-CA
notAfter=Apr 10 08:03:12 2019 GMT
Verify certificate and Root's CA:
--------------------------------------------------------------------------------------------------
/usr/bin/openssl verify -verbose -CAfile /etc/squid3/Cafile.ca
/etc/squid3/certificate.pem
certificate.pem: OK
i have create the chain
cat /etc/squid3/Cafile.ca >/etc/squid3/chain.pem
cat /etc/squid3/certificate.pem >>/etc/squid3/chain.pem
Added :
http_port 0.0.0.0:3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/chain.pem
But i was unable to start squid with the error
2015/07/27 00:57:43| Using certificate in /etc/squid3/ssl/calast.pem
2015/07/27 00:57:43| storeDirWriteCleanLogs: Starting...
2015/07/27 00:57:43| Finished. Wrote 0 entries.
2015/07/27 00:57:43| Took 0.00 seconds ( 0.00 entries/sec).
FATAL: No valid signing SSL certificate configured for HTTP_port
0.0.0.0:3128
Squid Cache (Version 3.5.6): Terminated abnormally.
More information about the squid-users
mailing list