[squid-users] No valid signing SSL certificate configured for HTTPS_port
squid3 at treenet.co.nz
Tue Nov 8 06:27:40 UTC 2016
On 6/11/2016 7:52 a.m., Garri Djavadyan wrote:
> On 2016-11-05 23:10, konradka wrote:
>> Hi Garri,
>> Thanks for your responses mate !
>> I did not realize that the squid was compiled with proxy user. Well
>> It looks like permission's issue but squid error message is not giving
>> any more details.
>> I will configure debug_options to see what is failing exactly.
>> The modulus check is a good idea too so I will get this checked and
>> post the
> Actually, there should not be problems with DAC rights for user 'proxy',
> I found that Squid reads the keys as root. But there may be problems
> with MAC rights for Squid, if any enabled by default. As you use Ubuntu,
> you should check AppArmor logs for problems indication.
> The same error may appear, if path or filename is misspelled.
Or if the key= parameter is listed before the cert= parameter. I have
just made that case a different (and FATAL) error on config loading.
After loading the cert and key from the relevant files, Squid verifies
that they are a matching pair. This message is output if for any reason
that check fails, or the loading fails.
More information about the squid-users