[squid-users] Uninitialized SSL certificate database directory

Tue Aug 28 13:08:19 UTC 2018

Thanks for your answer, here's the output after the upgrade:

[root at localhost ssl_cert]# squid -v
Squid Cache: Version 4.1
Service Name: squid

'--with-default-user=squid'

Error:

[root at localhost ssl_cert]# /usr/lib64/squid/security_file_certgen -c -s
/usr/local/squid/var/cache/squid/ssl_db -M 4MB
Initialization SSL db...
/usr/lib64/squid/security_file_certgen: Cannot create
/usr/local/squid/var/cache/squid/ssl_db

>From the cache.log:

2018/08/28 09:00:36 kid1| Set Current Directory to /var/spool/squid
(security_file_certgen): Uninitialized SSL certificate database directory:
/usr/local/squid/var/cache/squid/ssl_db. To initialize, run
"security_file_certgen -c -s /usr/local/squid/var/cache/squid/ssl_db".
...
2018/08/28 09:00:37 kid1| Accepting NAT intercepted SSL bumped HTTPS Socket
connections at local=[::]:3129 remote=[::] FD 17 flags=41
2018/08/28 09:00:37 kid1| WARNING: /usr/lib64/squid/security_file_certgen
-s /usr/local/squid/var/cache/squid/ssl_db -M 4MB #Hlpr1 exited
2018/08/28 09:00:37 kid1| Too few /usr/lib64/squid/security_file_certgen -s
/usr/local/squid/var/cache/squid/ssl_db -M 4MB processes are running (need
1/8)

Permissions:

drwxrwxrwx. 2 squid squid 6 Aug 28 08:45 ssl_db
drwxrwxrwx. 3 squid squid 20 Aug 28 08:45 squid
drwxrwxrwx. 3 squid squid 19 Aug 28 08:45 cache
drwxrwxrwx. 3 squid squid 19 Aug 28 08:45 var
drwxrwxrwx. 3 squid squid 17 Aug 28 08:45 squid

Status:

[root at localhost /]# systemctl status squid
● squid.service - Squid Web Proxy Server
   Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor
preset: disabled)
   Active: failed (Result: exit-code) since Tue 2018-08-28 09:00:37 EDT;
2min 5s ago
     Docs: man:squid(8)
  Process: 4993 ExecStop=/usr/sbin/squidshut.sh (code=exited, status=255)

It doesn't matter if I create /squid with squid.squid user.group
permissions with rwx, the error is always the same.

I'm downloading https://www.pfsense.org, will try from there. Also attached
the squid.conf just in case.

Regards.

El mar., 28 ago. 2018 a las 8:28, Amos Jeffries (<squid3 at treenet.co.nz>)
escribió:

> On 28/08/18 7:13 AM, Maximiliano Santa Cruz wrote:
> >
> > Hello everybody.
> >
> > I've been struggling with this error:
> >
> > (ssl_crtd): Uninitialized SSL certificate database directory:
> > /var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /var/lib/ssl_db".
> >
> > I've tried a lot of workarounds from this mailing list but none of them
> > worked for me, these are the permissions that I have:
> >
> > [root at localhost admin]#  /usr/lib64/squid/ssl_crtd -c -s /var/lib/ssl_db
> >
> > [root at localhost admin]# ll /var/lib/ssl_db
> > total 4
> > drwxr-xr-x. 2 squid squid 6 Aug 27 15:06 certs
> > -rw-r--r--. 1 squid squid 0 Aug 27 15:06 index.txt
> > -rw-r--r--. 1 squid squid 1 Aug 27 15:06 size
> >
>
> Have you updated SELinux permissions after creating or changing the
> directory?
>
>  test -x /sbin/restorecon && restorecon /var/lib/ssl_db
>
>
> >
> > OS: CentOS 7
> > [root at localhost admin]# squid -v
> > Squid Cache: Version 3.5.27
> > Service Name: squid
> >
>
> Missing the configure options which will say what --with-default-user=
> was set to. That account needs to match the one with rights to the
> directory - it may not be "squid".
>
>
> Also, please update to Squid-4. It has much better support for SSL-Bump
> features than squid-3.x. Eliezer has packages available
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>

-- 
http://maxonico.dpi-studio.com.ar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180828/3c8c421f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: squid.conf
Type: application/octet-stream
Size: 2025 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180828/3c8c421f/attachment.obj>