
Re: Http works HTTPS gives cert errors. No errors in logs.

What cert error page do you get?
From the browser, or with the Squid logo?
Try to use only these directives:
##start
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid/myCA.pem

sslcrtd_program /usr/lib64/squid/ssl_crtd -s /etc/squid/ssl_cert/ssl_db -M 16MB
sslcrtd_children 5

# # SSL Settings
ssl_bump server-first all
sslproxy_cert_error deny all

#sslcrtd_program /usr/lib64/squid/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 10
##end

The only issue is that, in order for the browser to work with Squid, you need to install the DER certificate in the OS or browser.

What browser are you using?

Eliezer

On 10/15/2013 05:01 PM, Derek Pinkston wrote:
Fresh install on CentOS 6.4, Squid Version 3.4.0.2. As the Subject
states, all HTTP works fine. HTTPS will throw cert errors all over the
browser. The logs are showing no errors, and neither is squid -k parse.
When attempting to access a secure site, the access.log does not show
that activity. The browser throws a cert error, and looking at the cert,
it's the one from the squid machine rather than one from Dynamic SSL
Certificate Generation.

I checked the Cert dir and the server is downloading the certs from
other sites. Pasted below is my squid.conf. If I'm forgetting
anything or you need me to post anything else, let me know.

Thanks in advance for any help!

acl localnet src 10.1.0.0/16    # RFC1918 possible internal network

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager

http_access allow localnet
http_access allow localhost

http_access deny all

http_port 10.1.4.1:3128 intercept
http_port 3128
https_port 10.1.4.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myconfigure.pem key=/etc/squid/myconfigure.pem
ssl_bump server-first all
always_direct allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 5


redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 1

access_log /var/log/squid/access.log squid

coredump_dir /var/spool/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
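The symptom Derek describes (the browser being handed the squid machine's own certificate instead of a dynamically generated one) can be checked without a browser. The following is an added example, not code from the thread or from Squid: it classifies the certificate a client receives from the bumping port as a generated leaf, the CA certificate itself, a leaf for the wrong name, or a certificate from some other issuer. The CA name "Example Squid CA", the sample certificates and the `probe()` address arguments are constructed for illustration.

```python
# Classify what an ssl-bump port hands a client, in ssl.SSLSocket.getpeercert() dict shape.
import socket
import ssl


def _rdn_value(name, attr):
    """First value of `attr` in a getpeercert()-style distinguished name."""
    return next((v for rdn in name for k, v in rdn if k == attr), None)


def _covers(pattern, host):
    """Exact match or one leading wildcard label (a wildcard never covers the apex)."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def classify(cert, host, ca_cn):
    """'dynamic'    leaf issued by our CA that covers host (ssl_crtd is working)
       'ca-itself'  the CA certificate itself came back (the symptom in the thread)
       'wrong-host' issued by our CA but for another name
       'foreign'    not issued by our CA at all (e.g. the origin server's real cert)"""
    issuer_cn = _rdn_value(cert.get("issuer", ()), "commonName")
    if cert.get("subject") == cert.get("issuer") and issuer_cn == ca_cn:
        return "ca-itself"
    if issuer_cn != ca_cn:
        return "foreign"
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    names.append(_rdn_value(cert.get("subject", ()), "commonName") or "")
    return "dynamic" if any(_covers(n.lower(), host.lower()) for n in names) else "wrong-host"


def probe(host, proxy_addr, cafile, ca_cn, timeout=5.0):
    """Live check: TLS-connect to the bumping port with SNI=host. Verifying against
    cafile (the CA the browser trusts) is what makes getpeercert() return a dict."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # name matching is done by classify() instead
    with socket.create_connection(proxy_addr, timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return classify(tls.getpeercert(), host, ca_cn)


CA_DN = ((("commonName", "Example Squid CA"),),)
SAMPLES = {  # constructed, in getpeercert() shape; not captured from a real proxy
    "generated": {"subject": ((("commonName", "www.example.com"),),), "issuer": CA_DN,
                  "subjectAltName": (("DNS", "*.example.com"),)},
    "ca_cert": {"subject": CA_DN, "issuer": CA_DN},
    "origin": {"subject": ((("commonName", "www.example.com"),),),
               "issuer": ((("commonName", "Some Public CA"),),)},
}
```

A result of 'ca-itself' from `probe()` reproduces the thread's symptom: the port is serving the CA certificate rather than a per-host certificate minted by ssl_crtd.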