Hi,
I am using squid 3.3.1 to enable the dynamic certificate
generation functionality and it works fine with a self signed
certificate. I now have a actual signed certificate and the ssl chain
is such that my certificate -> CA1 -> Root CA.
I cleared the previous cert db directory and re initilaized it. I
then created a cert.chain file in the format mentioned below.
-----BEGIN CERTIFICATE-----
<public key of my certificate >
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
< my private key >
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<public key of CA1 >
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<public key of Root CA >
-----END CERTIFICATE-----
squid.conf:
https_port 3129 intercept generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/cert.chain
ssl-bump
But when i start squid , i get the following error.
/usr/sbin/squid start
sh: (null): not found
FATAL: No valid signing SSL certificate configured for https_port 0.0.0.0:3129
Squid Cache (Version 3.3.1): Terminated abnormally.
CPU Usage: 0.050 seconds = 0.050 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
I also tried with just my cert and private key without the chain
information and I get the same error there also. Am I missing
something here?
Regards,
Prasanna
