[squid-users] No valid signing SSL certificate configured for HTTPS_port
Alex Rousskov
rousskov at measurement-factory.com
Thu Sep 28 14:58:52 UTC 2023
On 2023-09-28 00:52, Bud Miljkovic wrote:
> # Intercept transparent HTTPS traffic
> https_port 3129 intercept ssl-bump ssl_bump splice all
This should be refactored into two lines:
https_port 3129 intercept ssl-bump ...
ssl_bump splice all
After that, replace "..." above with cert=... and, optionally, other
ssl-bump parameters from your other "https_port 3129" line below.
> # Add certificate
> https_port 3129 intercept ssl-bump ...
Remove these lines: The https_port directive does not support "adding"
options to a previously configured port. Use a single https_port directive
per port. Same for http_port, of course.
HTH,
Alex.
> https_port 3129 intercept ssl-bump \
> cert=/etc/squid/ssl_cert/myCA.pem \
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>
> sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB
>
> #Visible hostname
> visible_hostname ctct-r2
> ```
> When the `squid.service` is started the following output is printed:
>
> ```
> Sep 28 16:17:04 ctct-r2 systemd[1]: Started Squid Proxy Server (OTA Mode).
> Sep 28 16:17:04 ctct-r2 squid[1059]: No valid signing SSL certificate
> configured for HTTPS_port [::]:3129
> Sep 28 16:17:04 ctct-r2 squid[1059]: FATAL: No valid signing SSL
> certificate configured for HTTPS_port [::]:3129
> Sep 28 16:17:04 ctct-r2 squid[1059]: Squid Cache (Version 3.5.25):
> Terminated abnormally.
> Sep 28 16:17:04 ctct-r2 squid[1059]: CPU Usage: 0.040 seconds = 0.030
> user + 0.010 sys
> Sep 28 16:17:04 ctct-r2 squid[1059]: Maximum Resident Size: 38656 KB
> ```
> Any lead is greatly appreciated.
>
> Buda
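
The checks from the reply above can be run against a squid.conf before restarting the service. The following is an added example, not part of the original thread and not Squid code: `logical_lines`, `lint` and the finding labels are hypothetical names, the sample is constructed from the directives quoted in the thread, and ports are compared exactly as written (so `3129` and `[::]:3129` count as different).

```python
# Constructed sample: the port directives quoted in the thread, as one squid.conf.
SAMPLE = """\
# Intercept transparent HTTPS traffic
https_port 3129 intercept ssl-bump ssl_bump splice all
# Add certificate
https_port 3129 intercept ssl-bump \\
    cert=/etc/squid/ssl_cert/myCA.pem \\
    generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
"""

def logical_lines(text):
    """Yield (first_line_number, tokens), joining backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        tokens = (buf + line).split()
        if tokens and not tokens[0].startswith("#"):
            yield start, tokens
        buf, start = "", None

def lint(text):
    """Return (line, kind, message) findings for http_port/https_port lines."""
    findings, seen = [], {}
    for no, tok in logical_lines(text):
        if tok[0] not in ("http_port", "https_port") or len(tok) < 2:
            continue
        key, opts = (tok[0], tok[1]), tok[2:]
        if key in seen:
            # One directive per port: options are not merged across lines.
            findings.append((no, "duplicate",
                             f"{tok[0]} {tok[1]} already configured on line {seen[key]}"))
        seen.setdefault(key, no)
        if "ssl_bump" in opts:
            findings.append((no, "merged",
                             "ssl_bump is a separate directive; put it on its own line"))
        if "ssl-bump" in opts and not any(o.startswith("cert=") for o in opts):
            findings.append((no, "no-cert",
                             "ssl-bump port has no cert= option on this line"))
    return findings

if __name__ == "__main__":
    for line_no, kind, message in lint(SAMPLE):
        print(f"line {line_no}: [{kind}] {message}")
```
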