Rakesh Jha wrote:
Hi,
I have squid V3 PRE5 running RHL for 2 years without any problem for
https access to OWA. As the ssl certificate was expiring we received a
new ssl certificate and since then I have problem. I have installed a
new box with Squid3.0.STABLE12.
When I start squid with "-DYNCD3" option I can do https to OWA but squid
aborts after some time.
And when I start squid without any option, I can not access OWA and get
"page cannot be displayed" and cache.log registers following error when
I do first time: https://owa
2009/02/08 16:52:27| httpsAccept: Error allocating handle:
error:0906A068:PEM routines:PEM_do_header:bad password read
2009/02/08 16:52:27| httpsAccept: Error allocating handle:
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
On refreshing the screen -
2009/02/08 16:52:37| httpsAccept: Error allocating handle:
error:140BA0C3:SSL routines:SSL_new:null ssl ctx
2009/02/08 16:52:37| httpsAccept: Error allocating handle:
error:140BA0C3:SSL routines:SSL_new:null ssl ctx
What could be the problem? Please help.
Squid by default runs as a daemon mode. Setting up a parent process that
monitors several child processes to make sure the service is never down
for long in the event of a fatal crash.
When started like that (no special options) there may be no way for the
child process or recovered process to ask for the certificate password.
You have two options:
* ALWAYS do the manual start with options preventing daemon and
recovery mode.
* use PEM certificate that is signed but not password encrypted.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
Current Beta Squid 3.1.0.5
