Try giving the key=/path-to-key directive. It would be the same as cert if you have them in the same file.

On Thu, Oct 18, 2012 at 12:09 AM, Jesse Smith <jessesmith@xxxxxxxxxxxxxx> wrote:
> When trying to generate dynamic certs using ssl-bump and Squid 3.3, we are
> getting the "No Valid SSL Signing Cert .." message, though the path to the
> cert is correct, as are the permissions on the cert file.
>
> We are trying to use a CA cert for the purpose of signing the dynamically
> generated cert. The Squid config for the https port is below:
>
> =============================================================
> https_port 10.1.10.136:443 ssl-bump intercept generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/usr/local/squid/var/ssl_db/certs/DigiCertHighAssuranceEVRootCA.crt
> vhost
> =============================================================
>
> Does anyone know why this cert would not be a valid signing cert? It works
> when using a self-signed cert, but get the message Protocol error (TLS code:
> X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT), because the signing cert is not
> trusted to sign the generated cert, hence going with the CA cert for trusted
> signing.
>
> Thanks,
> Jesse

--
Regards,
-Ahmed Talha Khan
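
A way to check what `cert=` and `key=` point at before handing them to Squid, as an added example that is not part of the original thread: it uses the `openssl` CLI to confirm that the PEM file holds a certificate, that a private key (looked for in the same file when no key file is given, as with `cert=` alone) matches it, and that the certificate is marked CA:TRUE. The function names `check_signing_pair` and `make_constructed_ca` and the throwaway test CA are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.

# check_signing_pair CERT_FILE [KEY_FILE]
# KEY_FILE defaults to CERT_FILE, mirroring cert= with no key= (combined PEM).
# Prints one verdict word and returns 0 only for "ok".
check_signing_pair() {
    cert_file=$1
    key_file=${2:-$1}

    # Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert_file" -noout -pubkey 2>/dev/null) ||
        { echo "no-certificate"; return 1; }

    # Public half derived from the private key; fails if the file holds none.
    key_pub=$(openssl pkey -in "$key_file" -pubout 2>/dev/null) ||
        { echo "no-private-key"; return 1; }

    # Signing only works with the private key that belongs to this certificate.
    [ "$cert_pub" = "$key_pub" ] || { echo "key-mismatch"; return 1; }

    # A certificate that signs other certificates must assert CA:TRUE.
    openssl x509 -in "$cert_file" -noout -text 2>/dev/null |
        grep -q 'CA:TRUE' || { echo "not-a-ca"; return 1; }

    echo "ok"
}

# make_constructed_ca DIR
# Writes a throwaway CA (constructed sample data) as ca.crt, ca.key and
# ca-combined.pem so the check above can be tried offline.
make_constructed_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -addext "basicConstraints=critical,CA:TRUE" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
        cat "$1/ca.crt" "$1/ca.key" > "$1/ca-combined.pem"
}
```

A verdict of `no-private-key` on a certificate-only file means the matching key has to be supplied separately through `key=`.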