When trying to generate dynamic certs using ssl-bump and Squid 3.3, we
are getting the "No Valid SSL Signing Cert .." message, though the path
to the cert is correct, as are the permissions on the cert file.
We are trying to use a CA cert for the purpose of signing the
dynamically generated cert. The Squid config for the https port is below:
=============================================================
https_port 10.1.10.136:443 ssl-bump intercept generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/var/ssl_db/certs/DigiCertHighAssuranceEVRootCA.crt vhost
=============================================================
Does anyone know why this cert would not be a valid signing cert? It
works when using a self-signed cert, but we get the message Protocol error
(TLS code: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT), because the signing
cert is not trusted to sign the generated cert, hence going with the CA
cert for trusted signing.
Thanks,
Jesse
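
A pre-flight check for the `cert=` file in the configuration above, as an added example that is not part of the original post. Signing generated certificates requires the CA's private key, which Squid reads from `key=` or, when that option is absent, from the `cert=` file itself as a combined PEM. The function name `signing_material` and the sample files are constructed for illustration; the check looks only at PEM block labels and does not verify that the key matches the certificate.

```python
import re
import shlex
import tempfile
from pathlib import Path

# PEM armor labels that mark a private key (PKCS#8, encrypted PKCS#8, PKCS#1 RSA, SEC1 EC).
KEY_LABEL = re.compile(r"-----BEGIN (?:ENCRYPTED |RSA |EC )?PRIVATE KEY-----")
CERT_LABEL = re.compile(r"-----BEGIN CERTIFICATE-----")


def signing_material(directive: str) -> dict:
    """Report where an https_port line would take its certificate and key from."""
    opts = dict(tok.split("=", 1) for tok in shlex.split(directive) if "=" in tok)
    cert_path = opts.get("cert")
    # Squid reads the key from key=; without it, cert= must be a combined cert+key PEM.
    key_path = opts.get("key", cert_path)
    result = {"cert": cert_path, "key_source": key_path, "has_cert": False, "has_key": False}
    if cert_path and Path(cert_path).is_file():
        result["has_cert"] = bool(CERT_LABEL.search(Path(cert_path).read_text(errors="replace")))
    if key_path and Path(key_path).is_file():
        result["has_key"] = bool(KEY_LABEL.search(Path(key_path).read_text(errors="replace")))
    result["can_sign"] = result["has_cert"] and result["has_key"]
    return result


def demo() -> tuple:
    """Run the check on two constructed PEM files (bodies are placeholders, not real keys)."""
    cert_block = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    key_block = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    with tempfile.TemporaryDirectory() as tmp:
        public_only = Path(tmp, "public-root.crt")   # certificate only, no key
        combined = Path(tmp, "bump-ca.pem")          # certificate followed by its key
        public_only.write_text(cert_block)
        combined.write_text(cert_block + key_block)
        line = "https_port 10.1.10.136:443 ssl-bump intercept generate-host-certificates=on cert={}"
        return (signing_material(line.format(public_only)),
                signing_material(line.format(combined)))


if __name__ == "__main__":
    for report in demo():
        print(report)
```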