[squid-users] ssl proxy error: No valid signing SSL certificate configured for https_port [::]:3127

Alan Palmer alanpalmer72 at yahoo.com
Sun Feb 15 21:36:30 UTC 2015


I'm trying to get squid 3.4.11 on openbsd 5.6 to act as a transparent 
ssl proxy.

I've rebuilt squid with --enable-ssl-crtd, generated my own self signed 
cert (ala http://www.akadia.com/services/ssh_test_certificate.html) and 
have the following config lines:

https_port 3127 transparent ssl-bump generate-host-certificates=on 
dynamic_cert_mem_cache_size=4MB cert='/etc/squid/ssl_cert/my-cert.crt'
ssl_bump server-first all
always_direct allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s 
/usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5

I've read all the notes, hints, email list archives, to not avail.
No matter what I do I get:

FATAL: No valid signing SSL certificate configured for https_port [::]:3127

I get the same error with the 3.4.6.p1 package from openbsd.org (sans 
ssl_crtd config lines)

ideas? solutions? help?


More information about the squid-users mailing list