Search squid archive

Re: problems with ssl_crtd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 19/09/12 17:26, Eliezer Croitoru wrote:
> On 9/19/2012 1:44 PM, Linos wrote:
>> Hi,
>>     i have been using Squid squid-3.2.0.17-20120527-r11561 in an Ubuntu Server
>> 12.04 some time with ssl-bump without problems for a year, the ca cert expired
>> some days ago and with the new ca cert i installed squid 3.2.1 stable.
>>
>> Now the proxy exists every time 10 or more users use https at the same time,
>> it's pretty strange, i have tried to downgrade to the old squid version but i
>> can't get the proxy to be stable no matter if using new or old version, i have
>> tried to recreate other cert just in case, same problem, i recreated too
>> squid_ssl_db and cache_dir, no matter what i do it keeps crashing, the cache log
>> read as this:
>>
> <SNIP>
>>
>> I am using this ssl-bump line in squid.conf:
>> http_port 3150 ssl-bump generate-host-certificates=on
>> dynamic_cert_mem_cache_size=16MB cert=/etc/squid3/ssl_cert/myCA.pem
>>
>> I generated this myCA.pem using the instructions here
>> http://wiki.squid-cache.org/Features/DynamicSslCert
> 
> do you still have the old pem file?
> If it's expired ok but it should be still running but creating defective
> certificates.
I have the old pem, yes, but squid it's working fine with the new until more
than 5~6 people visit at the same time a https site, don't seems to be a problem
with a non-working certificate, i will test with the old one anyway.

> 
> did you changed ownership for the directory and files?
I have checked the ownership and files many times, and recreated the directories
some times too.

> did you tried to run the command from shell to see if it works?
it works because being launch by squid works too for some time.

> 
> Eliezer
> 

Miguel Angel.




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux