Re: problem in squid certificate installtion

Yuri Voinov <yvoinov@xxxxxxxxx> · Wed, 22 Apr 2015 00:18:58 +0600



    -----BEGIN PGP SIGNED MESSAGE----- 

    Hash: SHA256 

     
    Self-signed certificate is not suitable for use in a reverse proxy.

    
    22.04.15 9:17, snakeeyes пишет:

    > Hi 

      >

      > I need to setup squid proxy as reverse proxy with https
      enabled

      >

      > I tried  the bash script below and it run ok :

      >

      > ###########################

      >

      > OPENSSL=/usr/bin/openssl

      >

      >  

      >

      > SSLDIR=/etc/mydlp/ssl

      >

      >  

      >

      > mkdir -p $SSLDIR || exit 1

      >

      >  

      >

      > rm -rf $SSLDIR/*

      >

      >  

      >

      > [ -e $SSLDIR/private.pem ] || $OPENSSL genrsa 4096 >
      $SSLDIR/private.pem

      >

      >  

      >

      > [ -e $SSLDIR/public.pem ] || (echo -e

      >
      "TR\nAnkara\nTechnopolis\nMyDLP\nMyDLP\n*\nsupport@xxxxxxxxx\n"|
      $OPENSSL

      > req -new -x509 -days 3650 -key $SSLDIR/private.pem -out
      $SSLDIR/public.pem)

      >

      >  

      >

      > [ -e $SSLDIR/user.der ] || $OPENSSL x509 -in
      $SSLDIR/public.pem -outform DER

      > -out $SSLDIR/user.der

      >

      > ######################################

      >

      >  

      >

      >  

      >

      > ls -l /etc/mydlp/ssl

      >

      > total 12

      >

      > -rw-r--r-- 1 root root 3243 Apr 21 08:26 private.pem

      >

      > -rw-r--r-- 1 root root 2090 Apr 21 08:26 public.pem

      >

      > -rw-r--r-- 1 root root 1501 Apr 21 08:27 user.der

      >

      >  

      >

      > ######################################

      >

      >  

      >

      > Added to squid.conf :

      >

      >  

      >

      > https_port 443 key=/etc/mydlp/ssl/private.pem
      cert=/etc/mydlp/ssl/public.pem

      >

      >  

      >

      >  

      >

      >  

      >

      > And when I start squid , 

      >

      >  

      >

      > FATAL: No valid signing SSL certificate configured for
      HTTPS_port [::]:443

      >

      > Squid Cache (Version 3.5.1): Terminated abnormally.

      >

      > CPU Usage: 10.189 seconds = 10.133 user + 0.056 sys

      >

      > Maximum Resident Size: 271264 KB

      >

      > Page faults with physical i/o: 44

      >

      >  

      >

      >  

      >

      >  

      >

      >  

      >

      > Hope to help

      >

      >  

      >

      > regards

      >

      >

      >

      >

      > _______________________________________________

      > squid-users mailing list

      > squid-users@xxxxxxxxxxxxxxxxxxxxx

      > http://lists.squid-cache.org/listinfo/squid-users

    
    -----BEGIN PGP SIGNATURE-----


    Version: GnuPG v2


    iQEcBAEBCAAGBQJVNpSSAAoJENNXIZxhPexGq+4H/3KGzflx2iP+/nYH9SITqmun


    okbIgNUX31WbNYWy8Na+7fnEqE/e/Sfc5qGP2LhbL3iPz72pspBE0vpvLPvAa8iL


    kak/CLDEaFXizPVhfPIi7FI9Vdpvl4D2Pfm3aHHXxoTFjmLvM6htTlNntNCYuG1P


    iLm7gFUNC9pltRrEbnKmhxh3CKsc6iUC3L3muLLaH3WX7WJNtCzTxh+8OQKeDIh1


    ZWAbvpXnPT6PdXI4rDF6+J16eC6TUo0stiWds2XsYH958AWJRwcHi5UL+Vgq1X6Z


    9GWYZVKlXNxBfGR5Zv1anmmaDP2ouJG3DwI5U8Dqe6B6dcGYQWtU+m1Hieuy5Ko=


    =BiO/


    -----END PGP SIGNATURE-----


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users