I am trying to get SSL bumping to work on my CentOS system. I am using these options in my squid.conf http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem sslcrtd_program /usr/lib/squid/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB sslcrtd_children 5 Here is the output of cache.log 2012/11/24 00:57:39| Starting Squid Cache version 3.2.3 for x86_64-unknown-linux-gnu... 2012/11/24 00:57:39| Process ID 53204 2012/11/24 00:57:39| Process Roles: master worker 2012/11/24 00:57:39| With 1024 file descriptors available 2012/11/24 00:57:39| Initializing IP Cache... 2012/11/24 00:57:39| DNS Socket created at [::], FD 5 2012/11/24 00:57:39| DNS Socket created at 0.0.0.0, FD 6 2012/11/24 00:57:39| Adding domain localdomain from /etc/resolv.conf 2012/11/24 00:57:39| Adding domain localdomain from /etc/resolv.conf 2012/11/24 00:57:39| Adding nameserver 192.168.253.2 from /etc/resolv.conf 2012/11/24 00:57:39| helperOpenServers: Starting 5/5 'ssl_crtd' processes (ssl_crtd): Uninitialized SSL certificate database directory: /usr/local/squid/var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /usr/local/squid/var/lib/ssl_db". (ssl_crtd): Uninitialized SSL certificate database directory: /usr/local/squid/var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /usr/local/squid/var/lib/ssl_db". (ssl_crtd): Uninitialized SSL certificate database directory: /usr/local/squid/var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /usr/local/squid/var/lib/ssl_db". 2012/11/24 00:57:39| Logfile: opening log daemon:/var/log/access.log 2012/11/24 00:57:39| Logfile Daemon: opening log /var/log/access.log 2012/11/24 00:57:39| Store logging disabled 2012/11/24 00:57:39| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2012/11/24 00:57:39| Target number of buckets: 1008 2012/11/24 00:57:39| Using 8192 Store buckets 2012/11/24 00:57:39| Max Mem size: 262144 KB 2012/11/24 00:57:39| Max Swap size: 0 KB 2012/11/24 00:57:39| Using Least Load store dir selection 2012/11/24 00:57:39| Set Current Directory to /var/cache/squid (ssl_crtd): Uninitialized SSL certificate database directory: /usr/local/squid/var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /usr/local/squid/var/lib/ssl_db". (ssl_crtd): Uninitialized SSL certificate database directory: /usr/local/squid/var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /usr/local/squid/var/lib/ssl_db". 2012/11/24 00:57:39| Loaded Icons. 2012/11/24 00:57:39| HTCP Disabled. 2012/11/24 00:57:39| Squid plugin modules loaded: 0 2012/11/24 00:57:39| Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 19 flags=9 2012/11/24 00:57:39| WARNING: ssl_crtd #1 exited 2012/11/24 00:57:39| Too few ssl_crtd processes are running (need 1/5) 2012/11/24 00:57:39| Closing HTTP port [::]:3128 2012/11/24 00:57:39| storeDirWriteCleanLogs: Starting... 2012/11/24 00:57:39| Finished. Wrote 0 entries. 2012/11/24 00:57:39| Took 0.00 seconds ( 0.00 entries/sec). FATAL: The ssl_crtd helpers are crashing too rapidly, need help! Squid Cache (Version 3.2.3): Terminated abnormally. CPU Usage: 0.051 seconds = 0.023 user + 0.028 sys Maximum Resident Size: 44192 KB Page faults with physical i/o: 0 Memory usage for squid via mallinfo(): total space in arena: 4908 KB Ordinary blocks: 4848 KB 8 blks Small blocks: 0 KB 1 blks Holding blocks: 664 KB 2 blks Free Small blocks: 0 KB Free Ordinary blocks: 59 KB Total in use: 5512 KB 112% Total free: 59 KB 1% I see that it complains about the certificate db which is not initialized, so I run: [root@localhost ssl_cert]# /usr/lib/squid/ssl_crtd -c -s /usr/local/squid/var/lib/ssl_db Initialization SSL db... /usr/lib/squid/ssl_crtd: Cannot create /usr/local/squid/var/lib/ssl_db I have the correct ownership and file permissions set to /usr/local/squid/var/lib/ssl_db [root@localhost ssl_cert]# ls -l /usr/local/squid/var/lib/ total 4 drwxr-xr-x. 2 proxy proxy 4096 Nov 24 00:48 ssl_db How can I get this to work?
