Squid Cache: Version 2.5.STABLE11
configure options: --host=i386-redhat-linux --build=i386-redhat-linux
--target=i386-redhat-linux-gnu
--prefix=/usr --exec-prefix=/usr
--bindir=/usr/bin
--sbindir=/usr/sbin --sysconfdir=/etc
--datadir=/usr/share
--includedir=/usr/include --libdir=/usr/lib
--libexecdir=/usr/libexec
--localstatedir=/var
--sharedstatedir=/usr/com --mandir=/usr/share/man
--infodir=/usr/share/info --exec_prefix=/usr
--libexecdir=/usr/lib/squid
--localstatedir=/var
--sysconfdir=/etc/squid--enable-poll --enable-snmp
--enable-removal-policies=heap,lru
--enable-storeio=aufs,coss,diskd,ufs
--enable-ssl --with-openssl=/usr/kerberos
--enable-delay-pools
--enable-linux-netfilter --with-pthreads
--enable-basic-auth-helpers=LDAP,NCSA,PAM,SMB,SASL,MSNT
--enable-ntlm-auth-helpers=SMB,winbind
--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group,winbind_group
https_port config file line definition:
https_port 209.202.99.178:443 cert=/etc/squid/webmail.pem
When I enable the above line in my configuration file squid fails to
start. In the /var/log/messages I get:
Nov 30 17:28:14 proxy1 squid[3818]: Squid Parent: child process 3820
exited with status 0
Nov 30 17:28:24 proxy1 squid[5338]: Squid Parent: child process 5340 started
Nov 30 17:28:24 proxy1 (squid): Failed to acquire SSL private key:
error:0906D06C:PEM routines:PEM_read_bio:no start line
Nov 30 17:28:24 proxy1 squid[5338]: Squid Parent: child process 5340
exited due to signal 6
Nov 30 17:28:27 proxy1 squid[5338]: Squid Parent: child process 5389 started
Nov 30 17:28:28 proxy1 (squid): Failed to acquire SSL private key:
error:0906D06C:PEM routines:PEM_read_bio:no start line
Nov 30 17:28:28 proxy1 squid[5338]: Squid Parent: child process 5389
exited due to signal 6
Nov 30 17:28:31 proxy1 squid[5338]: Squid Parent: child process 5437 started
Nov 30 17:28:32 proxy1 (squid): Failed to acquire SSL private key:
error:0906D06C:PEM routines:PEM_read_bio:no start line
Nov 30 17:28:32 proxy1 squid[5338]: Squid Parent: child process 5437
exited due to signal 6
Nov 30 17:28:35 proxy1 squid[5338]: Squid Parent: child process 5483 started
Nov 30 17:28:35 proxy1 (squid): Failed to acquire SSL private key:
error:0906D06C:PEM routines:PEM_read_bio:no start line
Nov 30 17:28:35 proxy1 squid[5338]: Squid Parent: child process 5483
exited due to signal 6
Nov 30 17:28:38 proxy1 squid[5338]: Squid Parent: child process 5530 started
Nov 30 17:28:39 proxy1 (squid): Failed to acquire SSL private key:
error:0906D06C:PEM routines:PEM_read_bio:no start line
Nov 30 17:28:39 proxy1 squid[5338]: Squid Parent: child process 5530
exited due to signal 6
Nov 30 17:28:39 proxy1 squid[5338]: Exiting due to repeated, frequent
failures
From the default squid.conf file (the one with the documentation
comments), I noticed this:
# TAG: https_port
#Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
#
#The socket address where Squid will listen for HTTPS client
# requests.
#
# This is really only useful for situations where you are running
# squid in accelerator mode and you want to do the SSL work at the
# accelerator level.
#
# You may specify multiple socket addresses on multiple lines,
# each with their own SSL certificate and/or options.
The remark about "This is really only useful for situations where you
are running squid in accelerator mode and you want to do the SSL work at
the accelerator level." makes me question whether I need an "https_port"
directive.
So do I need "https_port" for transparent (reverse) proxying in 2.5
STABLE 11?
If yes, then how do I approach resolving the errors I am getting?
Thanks.
Tim
--
-----------------------------------------------------------
Timothy E. Neto
Computer Systems Engineer Komatsu Canada Limited
Ph#: 905-625-6292 x265 1725B Sismet Road
Fax: 905-625-6348 Mississauga, Canada
E-Mail: tneto@xxxxxxxxxx L4W 1P9
-----------------------------------------------------------