So I found that the server comes up and stays up if I run:

sudo -u squid /usr/sbin/squid -f /etc/squid/squid.conf

or as root:

/usr/sbin/squid -f /etc/squid/squid.conf

# /usr/sbin/squid -f /etc/squid/squid.conf
# ps -ef | grep squid
root 30358 1 0 17:20 ? 00:00:00 /usr/sbin/squid -f /etc/squid/squid.conf
squid 30360 30358 0 17:20 ? 00:00:00 (squid-1) -f /etc/squid/squid.conf
squid 30361 30360 0 17:20 ? 00:00:00 (ssl_crtd) -d -s /var/squid/ssl_db -M 4MB -b 4096
squid 30362 30360 0 17:20 ? 00:00:00 (ssl_crtd) -d -s /var/squid/ssl_db -M 4MB -b 4096
squid 30363 30360 0 17:20 ? 00:00:00 (ssl_crtd) -d -s /var/squid/ssl_db -M 4MB -b 4096
squid 30364 30360 0 17:20 ? 00:00:00 (ssl_crtd) -d -s /var/squid/ssl_db -M 4MB -b 4096
squid 30365 30360 0 17:20 ? 00:00:00 (ssl_crtd) -d -s /var/squid/ssl_db -M 4MB -b 4096
squid 30366 30360 0 17:20 ? 00:00:00 (logfile-daemon) /var/log/squid/access.log
root 30368 29619 0 17:20 pts/0 00:00:00 grep squid

So it appears the UID is not properly switching when running as root from startup?

Contents of /etc/init.d/squid (no modifications made by me)
http://pastebin.com/UeehzMH6

squid.conf excerpt:
cache_effective_user squid
cache_effective_group squid

> -----Original Message-----
> From: Jason A. Sloan [mailto:jason_sloan@xxxxxxxxx]
> Sent: Thursday, January 10, 2013 8:29 AM
> To: 'Ahmed Talha Khan'
> Cc: 'squid-users@xxxxxxxxxxxxxxx'
> Subject: RE: ssl_crtd reporting certificate database as uninitialized
>
> # pwd
> /var
> # ll
> ...
> drwxr-xr-x. 3 squid squid 4096 Jan 9 21:29 squid
> ...
> # cd squid
> # ll
> drwxr-xr-x. 3 squid nobody 4096 Jan 9 21:29 ssl_db
> # cd ssl_db
> # ll
> drwxr-xr-x. 2 squid nobody 4096 Jan 9 21:29 certs
> -rw-r--r--. 1 squid nobody 0 Jan 9 21:29 index.txt
> -rw-r--r--. 1 squid nobody 8 Jan 9 21:29 serial
> -rw-r--r--. 1 squid nobody 1 Jan 9 21:29 size
>
> > -----Original Message-----
> > From: Ahmed Talha Khan [mailto:auny87@xxxxxxxxx]
> > Sent: Thursday, January 10, 2013 4:26 AM
> > To: Jason A. Sloan
> > Cc: squid-users@xxxxxxxxxxxxxxx
> > Subject: Re: ssl_crtd reporting certificate database as uninitialized
> >
> > Are the parent directories of ssl_db writeable by the squid user? You
> > might want to look at that too
> >
> > On Thu, Jan 10, 2013 at 7:40 AM, Jason A. Sloan <jason_sloan@xxxxxxxxx> wrote:
> > > No joy.
> > >
> > > I initially ran the ssl_crtd command as root before using sudo to
> > > run it as the squid user. Regardless I tried that to no avail.
> > >
> > > As root:
> > >
> > > Deleted existing ssl_db implementation.
> > >
> > > /usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db
> > > Initialization SSL db...
> > > Done
> > >
> > > chown -R squid:nobody ssl_db/
> > >
> > > Attempt to start died with same error message:
> > > (ssl_crtd): Uninitialized SSL certificate database directory: /var/squid/ssl_db. To initialize, run "ssl_crtd -c -s /var/squid/ssl_db".
> > > ...
> > > FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
> > >
> > > -----Original Message-----
> > > From: Ahmed Talha Khan [mailto:auny87@xxxxxxxxx]
> > > Sent: Wednesday, January 09, 2013 1:56 PM
> > > To: Jason A. Sloan
> > > Cc: squid-users@xxxxxxxxxxxxxxx
> > > Subject: Re: ssl_crtd reporting certificate database as uninitialized
> > >
> > > Try to create the ssl_db without sudo. There seems to be a problem
> > > with the permissions on that directory. Also change the group
> > > ownership of ssl_db to "nobody". I hope that helps
> > >
> > > On Wed, Jan 9, 2013 at 11:38 PM, Jason A. Sloan <jason_sloan@xxxxxxxxx> wrote:
> > >> I'm setting up dynamic SSL cert generation on a Centos 6.3 (i686)
> > >> platform but I can't seem to get ssl-crtd to believe it's initialized.
> > >> Perhaps I'm missing something. Either way I could use another set
> > >> of eyes / ideas.
> > >>
> > >> I have compiled the latest stable release (3.2.5) and installed it.
> > >> Packaged release was not compiled with --enable-ssl-crtd.
> > >>
> > >> When starting squid I get a message in cache.log from ssl-crtd that
> > >> it believes the SSL Certificate database is uninitialized..
> > >>
> > >> However I have executed the following:
> > >>
> > >> sudo -u squid /usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db
> > >> Initialization SSL db...
> > >> Done
> > >>
> > >> I can even execute ssl-crtd outside of squid and get a response..
> > >>
> > >> sudo -u squid /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db -M 4MB
> > >> new_certificate 13 host=test.com
> > >> OK 1531
> > >> -----BEGIN CERTIFICATE-----
> > >> MIIBmDCC.
> > >> -----END CERTIFICATE-----
> > >> -----BEGIN PRIVATE KEY-----
> > >> MIICdgIBADANBgkqhki.
> > >> -----END PRIVATE KEY-----
> > >> ^C
> > >>
> > >> I have even attempted to chmod -R 777 /var/squid/ssl_db with no success.
> > >>
> > >> 2013/01/09 12:49:37 kid1| Starting Squid Cache version 3.2.5 for i686-pc-linux-gnu...
> > >> 2013/01/09 12:49:37 kid1| Process ID 26793
> > >> 2013/01/09 12:49:37 kid1| Process Roles: worker
> > >> 2013/01/09 12:49:37 kid1| With 16384 file descriptors available
> > >> 2013/01/09 12:49:37 kid1| Initializing IP Cache...
> > >> 2013/01/09 12:49:37 kid1| DNS Socket created at [::], FD 7
> > >> 2013/01/09 12:49:37 kid1| DNS Socket created at 0.0.0.0, FD 8
> > >> 2013/01/09 12:49:37 kid1| Adding domain gaming.local from /etc/resolv.conf
> > >> 2013/01/09 12:49:37 kid1| Adding nameserver <redacted> from /etc/resolv.conf
> > >> 2013/01/09 12:49:37 kid1| Adding nameserver <redacted> from /etc/resolv.conf
> > >> 2013/01/09 12:49:37 kid1| helperOpenServers: Starting 5/5 'ssl_crtd' processes
> > >> 2013/01/09 12:49:37 kid1| Logfile: opening log daemon:/var/log/squid/access.log
> > >> 2013/01/09 12:49:37 kid1| Logfile Daemon: opening log /var/log/squid/access.log
> > >> (ssl_crtd): Uninitialized SSL certificate database directory: /var/squid/ssl_db. To initialize, run "ssl_crtd -c -s /var/squid/ssl_db".
> > >> (ssl_crtd): Uninitialized SSL certificate database directory: /var/squid/ssl_db. To initialize, run "ssl_crtd -c -s /var/squid/ssl_db".
> > >> (ssl_crtd): Uninitialized SSL certificate database directory: /var/squid/ssl_db. To initialize, run "ssl_crtd -c -s /var/squid/ssl_db".
> > >> (ssl_crtd): Uninitialized SSL certificate database directory: /var/squid/ssl_db. To initialize, run "ssl_crtd -c -s /var/squid/ssl_db".
> > >> (ssl_crtd): Uninitialized SSL certificate database directory: /var/squid/ssl_db. To initialize, run "ssl_crtd -c -s /var/squid/ssl_db".
> > >> 2013/01/09 12:49:37 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
> > >> 2013/01/09 12:49:37 kid1| Store logging disabled
> > >> 2013/01/09 12:49:37 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
> > >> 2013/01/09 12:49:37 kid1| Target number of buckets: 1008
> > >> 2013/01/09 12:49:37 kid1| Using 8192 Store buckets
> > >> 2013/01/09 12:49:37 kid1| Max Mem size: 262144 KB
> > >> 2013/01/09 12:49:37 kid1| Max Swap size: 0 KB
> > >> 2013/01/09 12:49:37 kid1| Using Least Load store dir selection
> > >> 2013/01/09 12:49:37 kid1| Set Current Directory to /var/spool/squid
> > >> 2013/01/09 12:49:37 kid1| Loaded Icons.
> > >> 2013/01/09 12:49:37 kid1| HTCP Disabled.
> > >> 2013/01/09 12:49:37 kid1| Squid plugin modules loaded: 0
> > >> 2013/01/09 12:49:37 kid1| Adaptation support is off.
> > >> 2013/01/09 12:49:37 kid1| Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 21 flags=9
> > >> 2013/01/09 12:49:37 kid1| WARNING: ssl_crtd #1 exited
> > >> 2013/01/09 12:49:37 kid1| Too few ssl_crtd processes are running (need 1/5)
> > >> 2013/01/09 12:49:37 kid1| Closing HTTP port [::]:3128
> > >> 2013/01/09 12:49:37 kid1| storeDirWriteCleanLogs: Starting...
> > >> 2013/01/09 12:49:37 kid1| Finished. Wrote 0 entries.
> > >> 2013/01/09 12:49:37 kid1| Took 0.00 seconds ( 0.00 entries/sec).
> > >> FATAL: The ssl_crtd helpers are crashing too rapidly, need help!
> > >>
> > >> Squid Cache (Version 3.2.5): Terminated abnormally.
> > >> CPU Usage: 0.100 seconds = 0.036 user + 0.064 sys
> > >> Maximum Resident Size: 50304 KB
> > >> Page faults with physical i/o: 0
> > >> Memory usage for squid via mallinfo():
> > >> total space in arena: 4784 KB
> > >> Ordinary blocks: 4655 KB 8 blks
> > >> Small blocks: 0 KB 0 blks
> > >> Holding blocks: 7252 KB 6 blks
> > >> Free Small blocks: 0 KB
> > >> Free Ordinary blocks: 128 KB
> > >> Total in use: 11907 KB 249%
> > >> Total free: 128 KB 3%
> > >>
> > >> Full configure used in compile here:
> > >> ./configure \
> > >> --exec_prefix=/usr \
> > >> --libexecdir=/usr/lib/squid \
> > >> --includedir=/usr/include \
> > >> --localstatedir=/var \
> > >> --datadir=/usr/share/squid \
> > >> --bindir=/usr/sbin \
> > >> --sysconfdir=/etc/squid \
> > >> --with-logdir='/var/log/squid' \
> > >> --with-pidfile='/var/run/squid.pid' \
> > >> --disable-dependency-tracking \
> > >> --enable-arp-acl \
> > >> --enable-follow-x-forwarded-for \
> > >> --enable-auth-basic="LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth" \
> > >> --enable-auth-digest="password,ldap,eDirectory" \
> > >> --enable-auth-ntlm="smb_lm,no_check,fakeauth" \
> > >> --enable-auth-negotiate \
> > >> --enable-external-acl-helpers="ip_user,ldap_group,session,unix_group,wbinfo_group" \
> > >> --enable-cache-digests \
> > >> --enable-cachemgr-hostname=localhost \
> > >> --enable-delay-pools \
> > >> --enable-epoll \
> > >> --enable-icap-client \
> > >> --enable-ident-lookups \
> > >> --with-large-files \
> > >> --enable-linux-netfilter \
> > >> --enable-referer-log \
> > >> --enable-removal-policies="heap,lru" \
> > >> --enable-snmp \
> > >> --enable-ssl \
> > >> --enable-ssl-crtd \
> > >> --enable-storeio="aufs,diskd,ufs" \
> > >> --enable-useragent-log \
> > >> --enable-wccpv2 \
> > >> --enable-esi \
> > >> --with-aio \
> > >> --with-default-user="squid" \
> > >> --with-filedescriptors=16384 \
> > >> --with-dl \
> > >> --with-openssl \
> > >> --with-pthreads
> > >>
> > >> Relevant squid.conf settings:
> > >>
> > >> # Squid normally listens to port 3128
> > >> http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/squid.cer key=/etc/squid/squid.key
> > >>
> > >> # Squid SSL Certificate Daemon Options
> > >> sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/squid/ssl_db -M 4MB
> > >> sslcrtd_children 5
> > >>
> > >> Thanks in advance!
> > >>
> > >
> > > --
> > > Regards,
> > > -Ahmed Talha Khan
> >
> > --
> > Regards,
> > -Ahmed Talha Khan
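
Added example (not part of the thread and not Squid's own code): a Python audit of the two things the replies ask about, whether every parent directory of ssl_db is searchable by the squid user and whether the entries from the `ll` listing exist with read/write access for that user. It evaluates Unix mode bits only; ACLs and SELinux labels (the trailing `.` in the `ll` output above) are not checked, and `audit_ssl_db`, `allowed`, `EXPECTED` and `NEED` are names invented here.

```python
import os

# Entries the thread's `ll` listing shows in an initialized ssl_db, with the
# access the helper needs on each (r=4, w=2, x=1). Assumed from that listing.
EXPECTED = {"certs": 7, "index.txt": 6, "serial": 6, "size": 6}
NEED = {1: "x", 6: "rw", 7: "rwx"}


def allowed(st, uid, gids, want):
    """Evaluate Unix mode bits only; ACLs and SELinux are not considered."""
    if uid == 0:
        return True  # root bypasses these directory and read/write checks
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want


def audit_ssl_db(db, uid, gids):
    """Return findings that would stop a helper running as uid/gids using db."""
    db = os.path.abspath(db)
    ancestors, cur = [], os.path.dirname(db)
    while cur not in ancestors:
        ancestors.append(cur)
        cur = os.path.dirname(cur)
    # Every ancestor must be searchable; db and its entries need read/write.
    checks = [(a, 1) for a in reversed(ancestors)] + [(db, 7)]
    checks += [(os.path.join(db, n), want) for n, want in EXPECTED.items()]
    findings = []
    for path, want in checks:
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append(f"{path}: {exc.strerror}")
            continue
        if not allowed(st, uid, gids, want):
            findings.append(f"{path}: uid {uid} lacks {NEED[want]}")
    return findings


if __name__ == "__main__":
    import pwd
    squid = pwd.getpwnam("squid")  # cache_effective_user in the thread
    for finding in audit_ssl_db("/var/squid/ssl_db", squid.pw_uid, {squid.pw_gid}):
        print(finding)
```

An empty result means the mode bits alone do not explain the helper's failure, which points the investigation at how the process is started rather than at ownership.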