<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Well. Let's check more deep.</p>
    <p>Show me parameter sslcrtd_program in your squid.conf<br>
    </p>
    <br>
    <div class="moz-cite-prefix">12.09.2017 1:23, Rohit Sodhia пишет:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAN1w9tcuVmZnQV+4aj=ZXD=rwBeOUUaHq7xOJkoGurGeq-=nwQ@mail.gmail.com">
      <div dir="ltr">
        <div>
          <div>Unfortunately, no luck yet. Thank you again for your help
            before.<br>
            <br>
          </div>
          I found that the user squid and group squid existed already,
          so I added<br>
          <br>
          cache_effective_user squid<br>
          cache_effective_group squid<br>
          <br>
        </div>
        to my config (first two lines), made sure /var/lib/ssl_db and
        it's contents were set to squid:squid and restarted the service,
        but I'm still getting the same error :(<br>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Mon, Sep 11, 2017 at 2:42 PM, Rohit
          Sodhia <span dir="ltr"><<a
              href="mailto:sodhia.rohit@gmail.com" target="_blank"
              moz-do-not-send="true">sodhia.rohit@gmail.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">I'll try that immediately, thanks! I
              appreciate all your advice; hopefully I won't have to
              reach out again :p<br>
            </div>
            <div class="HOEnZb">
              <div class="h5">
                <div class="gmail_extra"><br>
                  <div class="gmail_quote">On Mon, Sep 11, 2017 at 2:39
                    PM, Yuri <span dir="ltr"><<a
                        href="mailto:yvoinov@gmail.com" target="_blank"
                        moz-do-not-send="true">yvoinov@gmail.com</a>></span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0
                      .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <div text="#000000" bgcolor="#FFFFFF">
                        <p>I'm not Linux fanboy, but modern squid never
                          runs as root. So, most probably it runs as
                          nobody user.</p>
                        <p>Ah, yes:</p>
                        <p>#  TAG: cache_effective_user<br>
                          #    If you start Squid as root, it will
                          change its effective/real<br>
                          #    UID/GID to the user specified below.  The
                          default is to change<br>
                          #    to UID of nobody.<br>
                          #    see also; cache_effective_group<br>
                          #Default:<br>
                          # cache_effective_user nobody<br>
                          <br>
                          #  TAG: cache_effective_group<br>
                          #    Squid sets the GID to the effective
                          user's default group ID<br>
                          #    (taken from the password file) and
                          supplementary group list<br>
                          #    from the groups membership.<br>
                          #<br>
                          #    If you want Squid to run with a specific
                          GID regardless of<br>
                          #    the group memberships of the effective
                          user then set this<br>
                          #    to the group (or GID) you want Squid to
                          run as. When set<br>
                          #    all other group privileges of the
                          effective user are ignored<br>
                          #    and only this GID is effective. If Squid
                          is not started as<br>
                          #    root the user starting Squid MUST be
                          member of the specified<br>
                          #    group.<br>
                          #<br>
                          #    This option is not recommended by the
                          Squid Team.<br>
                          #    Our preference is for administrators to
                          configure a secure<br>
                          #    user account for squid with UID/GID
                          matching system policies.<br>
                          #Default:<br>
                          # Use system group memberships of the
                          cache_effective_user account<br>
                        </p>
                        <p>As documented. :)</p>
                        <p>AFAIK best solution is create non-privileged
                          group & user (like squid/squid) and set
                          both this parameters explicity.</p>
                        <p>Then change owner recursively on SSL cache to
                          this user.<br>
                        </p>
                        <br>
                        <div
                          class="m_-1180743849463029590m_79739255208442972moz-cite-prefix">12.09.2017
                          0:36, Rohit Sodhia пишет:<br>
                        </div>
                        <div>
                          <div class="m_-1180743849463029590h5">
                            <blockquote type="cite">
                              <div dir="ltr">Neither of those values are
                                set in my config. Even though I'm not
                                using squid for caching, I need those
                                values? They aren't set in the default
                                configs either.<br>
                              </div>
                              <div class="gmail_extra"><br>
                                <div class="gmail_quote">On Mon, Sep 11,
                                  2017 at 2:33 PM, Yuri <span dir="ltr"><<a
                                      href="mailto:yvoinov@gmail.com"
                                      target="_blank"
                                      moz-do-not-send="true">yvoinov@gmail.com</a>></span>
                                  wrote:<br>
                                  <blockquote class="gmail_quote"
                                    style="margin:0 0 0
                                    .8ex;border-left:1px #ccc
                                    solid;padding-left:1ex">
                                    <div text="#000000"
                                      bgcolor="#FFFFFF">
                                      <p>Most probably you squid runs as
                                        another user than squid.</p>
                                      <p>Check your squid.conf for
                                        cache_effective_user and
                                        cache_effective_group values.</p>
                                      <p>Then change SSL cache
                                        permissions to this values.
                                        Should work.<br>
                                      </p>
                                      <br>
                                      <div
class="m_-1180743849463029590m_79739255208442972m_7407759860043048659moz-cite-prefix">12.09.2017
                                        0:30, Rohit Sodhia пишет:<br>
                                      </div>
                                      <div>
                                        <div
                                          class="m_-1180743849463029590m_79739255208442972h5">
                                          <blockquote type="cite">
                                            <div dir="ltr">
                                              <div>Thanks for the
                                                feedback! I just used
                                                yum (it's a CentOS 7 VB)
                                                and it set it up like
                                                that. I changed the
                                                owner and group to
                                                squid:squid and tried
                                                restarting squid, but
                                                still get the same
                                                errors. I thought to run
                                                the command again, but
                                                this time it says<br>
                                                <br>
/usr/lib64/squid/ssl_crtd: Cannot create /var/lib/ssl_db<br>
                                                <br>
                                              </div>
                                              If this folder has
                                              incorrect permissions are
                                              there possibly other
                                              permission issues?<br>
                                            </div>
                                            <div class="gmail_extra"><br>
                                              <div class="gmail_quote">On
                                                Mon, Sep 11, 2017 at
                                                2:25 PM, Yuri <span
                                                  dir="ltr"><<a
                                                    href="mailto:yvoinov@gmail.com"
                                                    target="_blank"
                                                    moz-do-not-send="true">yvoinov@gmail.com</a>></span>
                                                wrote:<br>
                                                <blockquote
                                                  class="gmail_quote"
                                                  style="margin:0 0 0
                                                  .8ex;border-left:1px
                                                  #ccc
                                                  solid;padding-left:1ex">
                                                  <div text="#000000"
                                                    bgcolor="#FFFFFF">
                                                    <p>Here you root of
                                                      problem.</p>
                                                    <p>Should be (on my
                                                      setups):</p>
                                                    <p># ls -al
                                                      /var/lib/ssl_db<br>
                                                      total 326<br>
                                                      drwxr-xr-x 3 squid
                                                      squid      5 Sep 
                                                      5 00:53 .<br>
                                                      drwxr-xr-x 8 root 
                                                      other      8 Sep 
                                                      5 00:53 ..<br>
                                                      drwxr-xr-x 2 squid
                                                      squid    454 Sep
                                                      11 23:37 certs<br>
                                                      -rw-r--r-- 1 squid
                                                      squid 280575 Sep
                                                      11 23:37 index.txt<br>
                                                      -rw-r--r-- 1 squid
                                                      squid      7 Sep
                                                      11 23:37 size<br>
                                                    </p>
                                                    <p>I.e. Squid has no
                                                      access to SSL
                                                      cache dir
                                                      structures. <br>
                                                    </p>
                                                    <br>
                                                    <div
class="m_-1180743849463029590m_79739255208442972m_7407759860043048659m_8619755247267626566moz-cite-prefix">12.09.2017
                                                      0:23, Rohit Sodhia
                                                      пишет:<br>
                                                    </div>
                                                    <div>
                                                      <div
                                                        class="m_-1180743849463029590m_79739255208442972m_7407759860043048659h5">
                                                        <blockquote
                                                          type="cite">
                                                          <div dir="ltr">total
                                                          8<br>
                                                          drwxr-xr-x.  3
                                                          root root   48
                                                          Sep 11 12:42 .<br>
                                                          drwxr-xr-x. 32
                                                          root root 4096
                                                          Sep 11 12:42
                                                          ..<br>
                                                          drwxr-xr-x.  2
                                                          root root    6
                                                          Sep 11 12:42
                                                          certs<br>
                                                          -rw-r--r--.  1
                                                          root root    0
                                                          Sep 11 12:42
                                                          index.txt<br>
                                                          -rw-r--r--.  1
                                                          root root    1
                                                          Sep 11 12:42
                                                          size<br>
                                                          <br>
                                                          </div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">On
                                                          Mon, Sep 11,
                                                          2017 at 2:22
                                                          PM, Yuri <span
                                                          dir="ltr"><<a
href="mailto:yvoinov@gmail.com" target="_blank" moz-do-not-send="true">yvoinov@gmail.com</a>></span>
                                                          wrote:<br>
                                                          <blockquote
                                                          class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                                          <div
                                                          text="#000000"
bgcolor="#FFFFFF">
                                                          <p>Show output
                                                          of <br>
                                                          </p>
                                                          <p>ls -al
                                                          /var/lib/ssl_db</p>
                                                          <br>
                                                          <div
class="m_-1180743849463029590m_79739255208442972m_7407759860043048659m_8619755247267626566m_551260681713239387moz-cite-prefix">12.09.2017
                                                          0:21, Rohit
                                                          Sodhia пишет:<br>
                                                          </div>
                                                          <div>
                                                          <div
class="m_-1180743849463029590m_79739255208442972m_7407759860043048659m_8619755247267626566h5">
                                                          <blockquote
                                                          type="cite">
                                                          <div dir="ltr">Yes,
                                                          but telling me
                                                          it's crashing
                                                          unfortunately
                                                          doesn't help
                                                          me figure out
                                                          why or how to
                                                          fix it. I've
                                                          run the
                                                          command it
                                                          suggests but
                                                          it doesn't
                                                          help. I'm
                                                          unfortunately
                                                          not an ops guy
                                                          familiar with
                                                          this kind of
                                                          stuff; I don't
                                                          see anything
                                                          on how to
                                                          figure out
                                                          what to do
                                                          about it.<br>
                                                          </div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">On
                                                          Mon, Sep 11,
                                                          2017 at 2:17
                                                          PM, Yuri <span
                                                          dir="ltr"><<a
href="mailto:yvoinov@gmail.com" target="_blank" moz-do-not-send="true">yvoinov@gmail.com</a>></span>
                                                          wrote:<br>
                                                          <blockquote
                                                          class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">It
                                                          tells you
                                                          what's
                                                          happens.<br>
                                                          <br>
                                                          <br>
                                                          11.09.2017
                                                          23:50, Rohit
                                                          Sodhia пишет:<br>
                                                          <div
class="m_-1180743849463029590m_79739255208442972m_7407759860043048659m_8619755247267626566m_551260681713239387HOEnZb">
                                                          <div
class="m_-1180743849463029590m_79739255208442972m_7407759860043048659m_8619755247267626566m_551260681713239387h5">>
                                                          (ssl_crtd):
                                                          Uninitialized
                                                          SSL
                                                          certificate
                                                          database
                                                          directory:<br>
                                                          >
                                                          /var/lib/ssl_db.
                                                          To initialize,
                                                          run "ssl_crtd
                                                          -c -s
                                                          /var/lib/ssl_db".<br>
                                                          <br>
                                                          <br>
                                                          </div>
                                                          </div>
                                                          <br>
______________________________<wbr>_________________<br>
                                                          squid-users
                                                          mailing list<br>
                                                          <a
                                                          href="mailto:squid-users@lists.squid-cache.org"
target="_blank" moz-do-not-send="true">squid-users@lists.squid-cache.<wbr>org</a><br>
                                                          <a
                                                          href="http://lists.squid-cache.org/listinfo/squid-users"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.squid-cache.org/l<wbr>istinfo/squid-users</a><br>
                                                          <br>
                                                          </blockquote>
                                                          </div>
                                                          <br>
                                                          </div>
                                                          </blockquote>
                                                          <br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          <br>
                                                          </div>
                                                        </blockquote>
                                                        <br>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </blockquote>
                                              </div>
                                              <br>
                                            </div>
                                          </blockquote>
                                          <br>
                                        </div>
                                      </div>
                                    </div>
                                  </blockquote>
                                </div>
                                <br>
                              </div>
                            </blockquote>
                            <br>
                          </div>
                        </div>
                      </div>
                    </blockquote>
                  </div>
                  <br>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </body>
</html>