[squid-users] security_file_certgen problem
Amos Jeffries
squid3 at treenet.co.nz
Tue Mar 19 11:32:14 UTC 2019
On 19/03/19 2:26 am, leomessi983 wrote:
> Hi all
> I compiled squid 4.6 with this options:
>
...
>
> And my configurations is:
...
> sslcrtd_program /usr/lib64/squid/security_file_certgen -s
> /var/lib/ssl_db -M 20MB
Have you initialized the /var/lib/ssl_db directory using the
low-privilege account Squid operates as?
>
> After that i use squid to block https requests, when i try to get
> blocked https site i get this error in my cache.log:
>
> 2019/03/18 16:46:11| WARNING: /usr/lib64/squid/security_file_certgen -s
> /var/lib/ssl_db -M 20MB #Hlpr1 exited
The helper should have output a message before it shutdown. If that
managed to get written it would occur somewhere before this line in your
cache.log.
> 2019/03/18 16:46:11| Too few /usr/lib64/squid/security_file_certgen -s
> /var/lib/ssl_db -M 20MB processes are running (need 1/10)
> 2019/03/18 16:46:11| Starting new helpers
> 2019/03/18 16:46:11| helperOpenServers: Starting 1/10
> 'security_file_certgen' processes
> 2019/03/18 16:46:11| "ssl_crtd" helper returned <NULL> reply.
>
>
> What is wrong? what am i do?!
>
Usually run the helper manually with the -c option to initialize the
OpenSSL certificate storage before using it. Make sure this is done with
the same user account Squid will be using when it runs.
Also make sure that anything like AppArmor or SELinux that does
advanced filesystem permissions is updated to permit access to Squid.
Amos
More information about the squid-users
mailing list