On 19/09/12 17:26, Eliezer Croitoru wrote: > On 9/19/2012 1:44 PM, Linos wrote: >> Hi, >> i have been using Squid squid-3.2.0.17-20120527-r11561 in an Ubuntu Server >> 12.04 some time with ssl-bump without problems for a year, the ca cert expired >> some days ago and with the new ca cert i installed squid 3.2.1 stable. >> >> Now the proxy exists every time 10 or more users use https at the same time, >> it's pretty strange, i have tried to downgrade to the old squid version but i >> can't get the proxy to be stable no matter if using new or old version, i have >> tried to recreate other cert just in case, same problem, i recreated too >> squid_ssl_db and cache_dir, no matter what i do it keeps crashing, the cache log >> read as this: >> > <SNIP> >> >> I am using this ssl-bump line in squid.conf: >> http_port 3150 ssl-bump generate-host-certificates=on >> dynamic_cert_mem_cache_size=16MB cert=/etc/squid3/ssl_cert/myCA.pem >> >> I generated this myCA.pem using the instructions here >> http://wiki.squid-cache.org/Features/DynamicSslCert > > do you still have the old pem file? > If it's expired ok but it should be still running but creating defective > certificates. I have the old pem, yes, but squid it's working fine with the new until more than 5~6 people visit at the same time a https site, don't seems to be a problem with a non-working certificate, i will test with the old one anyway. > > did you changed ownership for the directory and files? I have checked the ownership and files many times, and recreated the directories some times too. > did you tried to run the command from shell to see if it works? it works because being launch by squid works too for some time. > > Eliezer > Miguel Angel.
