[squid-users] compile squid with tumbleweed
Amos Jeffries
squid3 at treenet.co.nz
Fri Apr 2 11:02:38 UTC 2021
On 1/04/21 11:41 pm, Majed Zouhairy wrote:
>
> to enable ssl bumping.
>
> specifically those commands:
>
> /usr/share/ssl/misc/CA.pl -newca
> /usr/share/ssl/misc/CA.pl -newreq
> /usr/share/ssl/misc/CA.pl -sign
> openssl x509 -in newcert.pem -outform DER -out squidTrusted.der
> sudo squid -z
>
> asks for certificate password
> then
>
> Enter PEM pass phrase:
> 2021/04/01 13:17:03| Created PID file (/run/squid.pid)
> zouhairy at proxy:~> 2021/04/01 13:17:03 kid1| WARNING: BCP 177 violation.
> Detected non-functional IPv6 loopback.
> Enter PEM pass phrase:
> 2021/04/01 13:17:03 kid1| FATAL: No valid signing certificate configured
> for HTTP_port 0.0.0.0:8080
That says there is no CA certificate found in the file configured for
that port's tls-cert= option. Squid requires a signing (CA) certificate
and its private key in order to perform SSL-Bump.

With "squid -k parse" Squid should tell you what it is loading from that
file.
>
> squid conf:
>
...
>
> http_port 8080 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB cert=/etc/squid/certs/newcert.pem
> key=/etc/squid/certs/newkey.pem capath=/home/zouhairy/demoCA
>
>
> ssl_bump peek all
> ssl_bump splice all
>
> sslproxy_cert_error allow all
>
Amos
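
Added example, not part of the original message and not Squid's own code: a shell check, using the openssl command line, of the requirement stated in the reply that the port be given a signing (CA) certificate and its private key. It assumes "CA certificate" means basicConstraints CA:TRUE; `check_signing_cert` and `make_samples` are hypothetical helper names, and the certificates are constructed throwaway samples.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, sample certs are constructed.

# check_signing_cert CERT KEY: succeed only if CERT carries
# basicConstraints CA:TRUE (assumed meaning of "signing (CA) certificate")
# and KEY is its private key. An encrypted KEY makes openssl prompt
# for the pass phrase.
check_signing_cert() {
    cert=$1 key=$2
    openssl x509 -in "$cert" -noout -text 2>/dev/null | grep -q 'CA:TRUE' || {
        echo "$cert: not a CA certificate (no CA:TRUE)"; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || {
        echo "$key: not the private key for $cert"; return 1; }
    echo "$cert + $key: CA certificate with matching key"
}

# make_samples DIR: write a constructed CA pair (ca.pem/ca.key) and a
# constructed end-entity pair (leaf.pem/leaf.key) into DIR. A private
# config keeps the result independent of the system openssl.cnf.
make_samples() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed.example
[ext_ca]
basicConstraints = critical,CA:TRUE
[ext_leaf]
basicConstraints = CA:FALSE
EOF
    for kind in ca leaf; do
        openssl req -x509 -config "$d/demo.cnf" -extensions "ext_$kind" \
            -newkey rsa:2048 -nodes -days 1 \
            -keyout "$d/$kind.key" -out "$d/$kind.pem" 2>/dev/null || return 1
    done
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_signing_cert "$tmp/ca.pem" "$tmp/ca.key"               # accepted
check_signing_cert "$tmp/leaf.pem" "$tmp/leaf.key" || true   # rejected: CA:FALSE
check_signing_cert "$tmp/ca.pem" "$tmp/leaf.key" || true     # rejected: key mismatch
rm -rf "$tmp"
```

To check a real configuration, call `check_signing_cert` with the two paths given to the port's certificate and key options.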