[squid-users] No valid signing SSL certificate configured for HTTPS_port

Tue Nov 8 08:51:54 UTC 2016

Hi Amos,

This could be the problem. I built another VM based on Debian and ended up
creating my own CA / PKI.

Self-signed certificates worked and I was able to move on at last.

Great learning experience to see how SSL / openssl works.

Now I am stuck with Windows client unable to connect to reverse-proxyfied
Exchange.

When I connect via NAT/PAT, I can get to OWA/ECP.

When squid is acting as reverse-proxy, connection is timing out.

Looks like my Exchange SSL is not working but I will deal with this later.

Thanks a lot for your help.

Cheers

Konrad

On Tue, Nov 8, 2016 at 6:18 AM, Amos Jeffries [via Squid Web Proxy Cache] <
ml-node+s1019090n4680457h1 at n4.nabble.com> wrote:

> On 6/11/2016 7:52 a.m., Garri Djavadyan wrote:
>
> > On 2016-11-05 23:10, konradka wrote:
> >> Hi Garri,
> >>
> >> Thanks for your responses mate !
> >>
> >> I did not realize that the squid was compiled with proxy user. Well
> >> spotted
> >> !
> >>
> >> It looks like permission's issue but squid error message is not giving
> >> away
> >> any more details.
> >>
> >> I will configure debug_options to see what is failing exactly.
> >>
> >> The modulus check is a good idea too so I will get this checked and
> >> post the
> >> results.
> >
> > Actually, there should not be problems with DAC rights for user 'proxy',
> > I found that Squid reads the keys as root. But there may be problems
> > with MAC rights for Squid, if any enabled by default. As you use Ubuntu,
> > you should check AppArmor logs for problems indication.
> >
> > The same error may appear, if path or filename is misspelled.
> >
>
> Or if the key= parameter is listed before the cert= parameter. I have
> just made that case a different (and FATAL) error on config loading.
>
> After loading the cert and key from the relevant files, Squid verifies
> that they are a matching pair. This message is output if for any reason
> that check fails, or the loading fails.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> [hidden email] <http:///user/SendEmail.jtp?type=node&node=4680457&i=0>
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> ------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/No-
> valid-signing-SSL-certificate-configured-for-HTTPS-port-
> tp4680434p4680457.html
> To unsubscribe from No valid signing SSL certificate configured for
> HTTPS_port, click here
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4680434&code=aXRkaXJlY3Rjb25zdWx0aW5nQGdtYWlsLmNvbXw0NjgwNDM0fDEyODAwNzUyMQ==>
> .
> NAML
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/No-valid-signing-SSL-certificate-configured-for-HTTPS-port-tp4680434p4680459.html
Sent from the Squid - Users mailing list archive at Nabble.com.