[squid-users] No valid signing SSL certificate configured for HTTPS_port

Bud Miljkovic bud_miljkovic at trimble.com
Thu Sep 28 04:52:07 UTC 2023


Would you know anything about this Squid problem?
Given the squid-ota.conf file:
```
# An ACL named 'whitelist'
acl whitelist dstdomain '/etc/squid/whitelist.ota'

# Allow whitelisted URLs through
http_access allow whitelist

# Block the rest
http_access deny all

# Intercept tranparent HTTPS traffic
https_port 3129 intercept ssl-bump ssl_bump splice all

# Send out HTTPS trafic to destination server
tcp_outgoing_address 10.3.16.51

# Add certificate
https_port 3129 intercept ssl-bump \
   cert=/etc/squid/ssl_cert/myCA.pem \
   generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB

#Visible hostname
visible_hostname ctct-r2
```
When the `squid.service` is started the following output is printed:

```
Sep 28 16:17:04 ctct-r2 systemd[1]: Started Squid Proxy Server (OTA Mode).
Sep 28 16:17:04 ctct-r2 squid[1059]: No valid signing SSL certificate
configured for HTTPS_port [::]:3129
Sep 28 16:17:04 ctct-r2 squid[1059]: FATAL: No valid signing SSL
certificate configured for HTTPS_port [::]:3129
Sep 28 16:17:04 ctct-r2 squid[1059]: Squid Cache (Version 3.5.25):
Terminated abnormally.
Sep 28 16:17:04 ctct-r2 squid[1059]: CPU Usage: 0.040 seconds = 0.030 user
+ 0.010 sys
Sep 28 16:17:04 ctct-r2 squid[1059]: Maximum Resident Size: 38656 KB
```
Any lead is greatly appreciated.

Buda



-- 
Budimir Miljković BSc E | He
Senior Development Engineer
Civil Construction Field Systems
Trimble

11-17 Birmingham Drive, Christchurch, Canterbury, 8024
New Zealand
+64 3 963-5550 Direct
+64 21 419-024 Mobile

www.trimble.com

This email may contain confidential information that is intended only for
the listed recipient(s) of this email. Any unauthorized review, use,
disclosure or distribution is prohibited. If you believe you have received
this email in error, please immediately delete this email and any
attachments, and inform me via reply email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230928/247a8810/attachment.htm>


More information about the squid-users mailing list