[squid-users] 3.5.6: need help: FATAL: No valid signing SSL certificate but openssl verify is OK

David Touzeau david at articatech.com
Mon Jul 27 08:20:10 UTC 2015





Thanks Amos, i have removed the generate-host-certificates

http_port 0.0.0.0:3128  ssl-bump  dynamic_cert_mem_cache_size=4MB 
cert=/etc/squid3/ssl/chain.pem



But Squid still not want load the couple of Ca and certificate.


2015/07/27 10:16:30| Using certificate in /etc/squid3/ssl/chain.pem
2015/07/27 10:16:30| storeDirWriteCleanLogs: Starting...
2015/07/27 10:16:30|   Finished.  Wrote 0 entries.
2015/07/27 10:16:30|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: No valid signing SSL certificate configured for HTTP_port 
0.0.0.0:3128
Squid Cache (Version 3.5.5-20150619-r13846): Terminated abnormally.
CPU Usage: 0.008 seconds = 0.004 user + 0.004 sys
Maximum Resident Size: 33408 KB
Page faults with physical i/o: 0

Does /etc/squid3/chain.pem contain the private key of a CA whose public
key is trusted by the client already?

No the chain.pem, contains only the Root CA's and the certificate









More information about the squid-users mailing list