After logging in as the effective user and setting the cache and log ownership to this account when I launch squid I get this: commBind: Cannot bind socket FD 12 to *:443: (13) Permission denied FATAL: Cannot open HTTP Port -----Original Message----- From: Jason Hitt [mailto:Jhitt@xxxxxxxxxxxxxxx] Sent: Tuesday, June 05, 2007 9:56 AM To: squid-users@xxxxxxxxxxxxxxx Subject: RE: Cert issue on reserve proxy I was running squid as nobody:nogroup but made a user for squid and added it to cache_effective_user, logged in as the user and run the openssl command. Got whats below. Why does it say protocol is TLS, shouldn't it be sslv3? CONNECTED(00000004) depth=0 /CN=<url> verify error:num=18:self signed certificate verify return:1 depth=0 /CN=<url> verify return:1 --- Certificate chain 0 s:/CN=<url> i:/CN=<url> --- Server certificate -----BEGIN CERTIFICATE----- <cert info> -----END CERTIFICATE----- subject=/CN=<url> issuer=/CN=<url> --- No client certificate CA names sent --- SSL handshake has read 659 bytes and written 324 bytes --- New, TLSv1/SSLv3, Cipher is RC4-MD5 Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : RC4-MD5 Session-ID: 7E1B0000FBDFFEC0CE1EAAAAA79B9A990AEDB5D92D7F3F6A0E213610D3EDC49E Session-ID-ctx: Master-Key: <key info> Key-Arg : None Start Time: 1181055015 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: Monday, June 04, 2007 4:37 PM To: Jason Hitt Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Cert issue on reserve proxy mån 2007-06-04 klockan 11:20 -0500 skrev Jason Hitt: > When I added it to cache_effective_user as you mentioned I states theres no account named "openssl". I made one just to see if that's what you meant and gave the openssl account ownership of the logs and caches as needed butI get an abort trap. I'm stumped. Abort to do a port mirror and wireshark the ssl exchange. I want you to run the openssl s_client command as the cache_effective_user on your Squid server, whatever that is on your server, not as root. I do not want you to change the cache_effective_user in suqid.conf at all. Just to run the openssl command as the user cache_effective_user is set to run Squid under.. Regards Henrik