
Re: FATAL: No valid signing SSL certificate configured for https_port


 



Eliezer

I have now re-created the SSL certificates by creating the CSR,
sending it to the CA and getting the new certificate back.
Unfortunately, I'm still getting the same error:

2014/07/01 19:14:47| Startup: Initializing Authentication Schemes ...
2014/07/01 19:14:47| Startup: Initialized Authentication Scheme 'basic'
2014/07/01 19:14:47| Startup: Initialized Authentication Scheme 'digest'
2014/07/01 19:14:47| Startup: Initialized Authentication Scheme 'negotiate'
2014/07/01 19:14:47| Startup: Initialized Authentication Scheme 'ntlm'
2014/07/01 19:14:47| Startup: Initialized Authentication.
2014/07/01 19:14:47| Processing Configuration File:
/etc/squid/squid.conf (depth 0)
2014/07/01 19:14:47| Processing: hosts_file /etc/hosts
2014/07/01 19:14:47| Processing: http_port X.X.X.90:80 accel
defaultsite=domain.local
2014/07/01 19:14:47| Processing: http_port X.X.X.95:80 accel
defaultsite=server_1.bbbb.co.uk
2014/07/01 19:14:47| Processing: https_port X.X.X.95:443 accel
cert=/usr/newrprgate/CertAuth/www_domain_info/14735441.crt
key=/usr/newrprgate/CertAuth/www_domain_info/domain_info_key.pem
defaultsite=server_1.bbbb.co.uk
2014/07/01 19:14:47| Processing: cache_peer X.X.125.205 parent 8025 0
no-query originserver name=server_1
2014/07/01 19:14:47| Processing: acl sites_server_1 dstdomain www.domain.info
2014/07/01 19:14:47| Processing: cache_peer_access server_1 allow sites_server_1
2014/07/01 19:14:47| Processing: cache_peer_access server_1 deny all
2014/07/01 19:14:47| Processing: http_port X.X.X.96:80 accel
defaultsite=server_2.bbbb.co.uk
2014/07/01 19:14:47| Processing: cache_peer X.X.125.2X parent 8026 0
no-query originserver name=server_2_http
2014/07/01 19:14:47| Processing: cache_peer X.X.125.2X parent 8061 0
no-query originserver  ssl sslflags=DONT_VERIFY_PEER
name=server_2_https
2014/07/01 19:14:47| Processing: acl sites_server_2 dstdomain
www.domainhomes.org.uk
2014/07/01 19:14:47| Processing: cache_peer_access server_2_http allow
sites_server_2
2014/07/01 19:14:47| Processing: cache_peer_access server_2_https
allow sites_server_2
2014/07/01 19:14:47| Processing: cache_peer_access server_2_http deny all
2014/07/01 19:14:47| Processing: cache_peer_access server_2_https deny all
2014/07/01 19:14:47| Processing: http_port X.X.X.97:80 accel
defaultsite=server_3.bbbb.co.uk
2014/07/01 19:14:47| Processing: cache_peer X.X.125.205 parent 8025 0
no-query originserver name=server_3_http
2014/07/01 19:14:47| Processing: cache_peer X.X.125.205 parent 8061 0
no-query originserver ssl sslflags=DONT_VERIFY_PEER
name=server_3_https
2014/07/01 19:14:47| Processing: acl sites_server_3 dstdomain www.domain2.info
2014/07/01 19:14:47| Processing: cache_peer_access server_3_http allow
sites_server_3
2014/07/01 19:14:47| Processing: cache_peer_access server_3_https
allow sites_server_3
2014/07/01 19:14:47| Processing: cache_peer_access server_3_http deny all
2014/07/01 19:14:47| Processing: cache_peer_access server_3_https deny all
2014/07/01 19:14:47| Processing: acl localnet src X.0.0.0/8    # RFCX8
possible internal network
2014/07/01 19:14:47| Processing: acl localnet src 172.X.0.0/12 # RFCX8
possible internal network
2014/07/01 19:14:47| Processing: acl localnet src 192.X8.0.0/X
# RFCX8 possible internal network
2014/07/01 19:14:47| Processing: acl localnet src fc00::/7       # RFC
4193 local private network range
2014/07/01 19:14:47| aclIpParseIpData: IPv6 has not been enabled.
2014/07/01 19:14:47| Processing: acl localnet src fe80::/X      # RFC
4291 link-local (directly plugged) machines
2014/07/01 19:14:47| aclIpParseIpData: IPv6 has not been enabled.
2014/07/01 19:14:47| Processing: acl SSL_ports port 443
2014/07/01 19:14:47| Processing: acl Safe_ports port 80         # http
2014/07/01 19:14:47| Processing: acl Safe_ports port 21         # ftp
2014/07/01 19:14:47| Processing: acl Safe_ports port 443                # https
2014/07/01 19:14:47| Processing: acl Safe_ports port 70         # gopher
2014/07/01 19:14:47| Processing: acl Safe_ports port 2X                # wais
2014/07/01 19:14:47| Processing: acl Safe_ports port X25-65535 #
unregistered ports
2014/07/01 19:14:47| Processing: acl Safe_ports port 280
 # http-mgmt
2014/07/01 19:14:47| Processing: acl Safe_ports port 488
 # gss-http
2014/07/01 19:14:47| Processing: acl Safe_ports port 591
 # filemaker
2014/07/01 19:14:47| Processing: acl Safe_ports port 777
 # multiling http
2014/07/01 19:14:47| Processing: acl CONNECT method CONNECT
2014/07/01 19:14:47| Processing: http_access deny !Safe_ports
2014/07/01 19:14:47| Processing: http_access deny CONNECT !SSL_ports
2014/07/01 19:14:47| Processing: http_access allow localhost manager
2014/07/01 19:14:47| Processing: http_access deny manager
2014/07/01 19:14:47| Processing: acl all_internet src all
2014/07/01 19:14:47| Processing: http_access allow tte_network
2014/07/01 19:14:47| Processing: http_access allow ltdc_network
2014/07/01 19:14:47| Processing: http_access allow lldc_network
2014/07/01 19:14:47| Processing: http_access allow fot_network
2014/07/01 19:14:47| Processing: http_access allow sth_network
2014/07/01 19:14:47| Processing: http_access allow dmz_network
2014/07/01 19:14:47| Processing: http_access allow all_internet
2014/07/01 19:14:47| Processing: http_access allow localnet
2014/07/01 19:14:47| Processing: http_access allow localhost
2014/07/01 19:14:47| Processing: http_access deny all
2014/07/01 19:14:47| Processing: http_port 8080
2014/07/01 19:14:47| Processing: coredump_dir /var/spool/squid
2014/07/01 19:14:47| Processing: refresh_pattern ^ftp:          1440
 20%     X080
2014/07/01 19:14:47| Processing: refresh_pattern ^gopher:       1440
 0%      1440
2014/07/01 19:14:47| Processing: refresh_pattern -i (/cgi-bin/|\?) 0
 0%      0
2014/07/01 19:14:47| Processing: refresh_pattern .              0
 20%     4320
2014/07/01 19:14:47| Processing: access_log
stdio:/var/log/squid/access_common.log common
2014/07/01 19:14:47| Processing: httpd_suppress_version_string on
2014/07/01 19:14:47| Processing: visible_hostname host.bbbb.co.uk
2014/07/01 19:14:47| Initializing https proxy context
2014/07/01 19:14:47| Initializing cache_peer server_2_https SSL context
2014/07/01 19:14:47| Initializing cache_peer server_3_https SSL context
2014/07/01 19:14:47| Initializing https_port X.X.X.95:443 SSL context
2014/07/01 19:14:47| Using certificate in
/usr/newrprgate/CertAuth/www_domain_info/14735441.crt
2014/07/01 19:14:47| storeDirWriteCleanLogs: Starting...
2014/07/01 19:14:47|   Finished.  Wrote 0 entries.
2014/07/01 19:14:47|   Took 0.00 seconds (  0.00 entries/sec).
FATAL: No valid signing SSL certificate configured for https_port X.X.X.95:443
Squid Cache (Version 3.4.3): Terminated abnormally.
CPU Usage: 0.064 seconds = 0.051 user + 0.013 sys
Maximum Resident Size: 32032 KB
Page faults with physical i/o: 0

I think I might try the Oracle 6.5 repo version Squid 3.1 RPM which
comes with the distro first, before I start compiling a new version of
Squid.

John




On 30 June 2014 12:14, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote:
> I would say +1 for binary search..
> Remove all specials and make it:
>
> https_port 10.x.x.95:443 accel
> cert=/usr/newrprgate/CertAuth/cert/cert.crt
> key=/usr/newrprgate/CertAuth/cert/key.pem defaultsite=server_1.uk
>
> Which will minimize it to a working setting which works on every Linux
> version with any OpenSSL library I know of.
>
> If it won't work I will verify that the certificates are in the right format
> and if not convert them to the right format..
>
> Otherwise, compile it from src on this or a similar machine and find
> out if you have the same issue with a self-signed certificate.
>
> I have not tested it yet on my build node but unless something is really odd
> it should work with no issues.
>
> Eliezer
>
>
> On 06/30/2014 02:07 PM, John Gardner wrote:
>>
>> Eliezer
>>
>> The line that was working but is now causing problems is;
>>
>>
>> https_port 10.x.x.95:443 accel
>> cert=/usr/newrprgate/CertAuth/cert/cert.crt
>> key=/usr/newrprgate/CertAuth/cert/key.pem
>> cipher=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
>> options=NO_SSLv2 defaultsite=server_1.uk
>>
>> John
>
>
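
The format check suggested in the quoted reply, as an added example that is not part of the original thread: it confirms that a certificate and key are both PEM and that the key belongs to the certificate before the pair is given to `https_port`. The function names `check_pair` and `make_sample`, the return codes and the subject `server_1.example` are assumptions made for this sketch; the sample files are constructed throwaway material.

```shell
#!/usr/bin/env bash
# Added example: verify a cert=/key= pair before handing it to https_port.

# check_pair CERT KEY -> 0 ok, 2 bad cert, 3 bad key, 4 key/cert mismatch
check_pair() {
    local cert=$1 key=$2 cert_pub key_pub
    # PEM is text with a BEGIN marker; a DER (binary) file has none.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "cert: not PEM"; return 2; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "key: not PEM"; return 3; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cert: unparsable"; return 2; }
    # Empty -passin makes a passphrase-protected key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "key: unreadable or passphrase-protected"; return 3; }
    # Same public key on both sides means the key belongs to this cert.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "mismatch: key does not belong to cert"; return 4; }
    echo "ok: PEM pair matches"
}

# Constructed sample: self-signed pair, a DER copy of the cert, an unrelated key.
make_sample() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=server_1.example" \
        -keyout "$d/key.pem" -out "$d/cert.crt" 2>/dev/null
    openssl x509 -in "$d/cert.crt" -outform DER -out "$d/cert.der"
    openssl genrsa -out "$d/other.pem" 2048 2>/dev/null
}

# Demo run on the constructed files.
d=$(mktemp -d) && make_sample "$d"
check_pair "$d/cert.crt" "$d/key.pem"
check_pair "$d/cert.der" "$d/key.pem"   || true   # DER where PEM is expected
check_pair "$d/cert.crt" "$d/other.pem" || true   # key from a different pair
rm -rf "$d"
```

To convert a DER certificate that fails the first check, `openssl x509 -inform DER -in cert.der -out cert.pem` writes the PEM form.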



