[squid-users] Squid 4 ssl_bump issue

Amos Jeffries squid3 at treenet.co.nz
Fri Apr 5 04:22:37 UTC 2019


On 5/04/19 12:37 am, Davide Belloni wrote:
> Hi,
> this is the certificate that I'm using at the moment:
> 

AFAICS the pieces Squid-4 needs for your config and checks for are all
there.

Are the pieces correctly ordered in the .pem file? Key first, then CA cert.


> 
> On Thu, 4 Apr 2019 at 12:57, Davide Belloni wrote:
> 
>     Hi, thanks very much for all the advice!
>     About the action to generate the certificate I've followed the squid
>     wiki, that doesn't modify (if I remember correctly) openssl conf to
>     create it.
> 
>     Do you have some link to a good howto about that?
> 


Ah, we have several how-to's in the wiki. The SSL-Bump documentation has
an example. The ConfigExamples section has one for self-signed root CA
like yours, one for intermediate CA signing cert, and one for a wildcard
domain cert.

The one most relevant to what you have is:
<https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Features.2FDynamicSslCert.Create_Self-Signed_Root_CA_Certificate>

If this already matches what you are doing, and the PEM file content is
correct, and that context creation ERROR still shows up, then your next
step would be to start Squid with the -X command line option and see if
anything more specific about it shows up.
(This will produce a huge amount of debug info, but you only need the
startup sequence where the ERROR shows up. It should not be necessary to
send traffic until the context is working.)

Amos
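
A way to check the ordering asked about in the reply above (key first, then CA cert), as an added example that is not part of the original message. The function names pem_labels, pem_order_ok and write_sample are hypothetical, and the sample files are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Check that a combined PEM file has the private key block first and a
# certificate block after it. Only the BEGIN/END marker lines are read;
# the base64 bodies are not decoded or validated.

# Print the label of each PEM block, one per line, in file order.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Return 0 when the order is key-then-certificate; otherwise explain on
# stderr and return 1.
pem_order_ok() {
    labels=$(pem_labels "$1")
    [ -n "$labels" ] || { echo "$1: no PEM blocks found" >&2; return 1; }
    first=$(printf '%s\n' "$labels" | sed -n '1p')
    case $first in
        *"PRIVATE KEY") ;;   # also matches RSA/EC/ENCRYPTED PRIVATE KEY
        *) echo "$1: first block is '$first', not a private key" >&2
           return 1 ;;
    esac
    printf '%s\n' "$labels" | sed '1d' | grep -qx 'CERTIFICATE' || {
        echo "$1: no CERTIFICATE block after the key" >&2; return 1; }
    # Unequal marker counts usually mean a truncated or hand-edited file.
    begins=$(grep -c '^-----BEGIN ' "$1" || true)
    ends=$(grep -c '^-----END ' "$1" || true)
    [ "$begins" -eq "$ends" ] || {
        echo "$1: $begins BEGIN but $ends END markers" >&2; return 1; }
}

# Constructed sample: marker lines with placeholder bodies, not real keys.
# write_sample FILE LABEL... writes one block per label, in the order given.
write_sample() {
    out=$1; shift
    : > "$out"
    for label in "$@"; do
        printf '%s\n' "-----BEGIN $label-----" "PLACEHOLDER" \
            "-----END $label-----" >> "$out"
    done
}

tmp=$(mktemp -d)
write_sample "$tmp/good.pem" "PRIVATE KEY" "CERTIFICATE"
write_sample "$tmp/swapped.pem" "CERTIFICATE" "PRIVATE KEY"
for f in "$tmp/good.pem" "$tmp/swapped.pem"; do
    if pem_order_ok "$f"; then echo "$f: order OK"; else echo "$f: order wrong"; fi
done
```

Passing this check says nothing about whether the key and certificate belong together; it only reports the block order and marker balance.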

