[squid-users] ssl proxy error: No valid signing SSL certificate configured for https_port [::]:3127
Alan Palmer
alanpalmer72 at yahoo.com
Sun Feb 15 21:36:30 UTC 2015
I'm trying to get squid 3.4.11 on openbsd 5.6 to act as a transparent
ssl proxy.
I've rebuilt squid with --enable-ssl-crtd, generated my own self signed
cert (ala http://www.akadia.com/services/ssh_test_certificate.html) and
have the following config lines:
https_port 3127 transparent ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert='/etc/squid/ssl_cert/my-cert.crt'
ssl_bump server-first all
always_direct allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s
/usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5
I've read all the notes, hints, email list archives, to not avail.
No matter what I do I get:
FATAL: No valid signing SSL certificate configured for https_port [::]:3127
I get the same error with the 3.4.6.p1 package from openbsd.org (sans
ssl_crtd config lines)
ideas? solutions? help?
More information about the squid-users
mailing list