Hi Amos, This could be the problem. I built another VM based on Debian and ended up creating my own CA / PKI. Self-signed certificates worked and I was able to move on at last. Great learning experience to see how SSL / openssl works. Now I am stuck with Windows client unable to connect to reverse-proxyfied Exchange. When I connect via NAT/PAT, I can get to OWA/ECP. When squid is acting as reverse-proxy, connection is timing out. Looks like my Exchange SSL is not working but I will deal with this later. Thanks a lot for your help. Cheers Konrad On Tue, Nov 8, 2016 at 6:18 AM, Amos Jeffries [via Squid Web Proxy Cache] < ml-node+s1019090n4680457h1@xxxxxxxxxxxxx> wrote: > On 6/11/2016 7:52 a.m., Garri Djavadyan wrote: > > > On 2016-11-05 23:10, konradka wrote: > >> Hi Garri, > >> > >> Thanks for your responses mate ! > >> > >> I did not realize that the squid was compiled with proxy user. Well > >> spotted > >> ! > >> > >> It looks like permission's issue but squid error message is not giving > >> away > >> any more details. > >> > >> I will configure debug_options to see what is failing exactly. > >> > >> The modulus check is a good idea too so I will get this checked and > >> post the > >> results. > > > > Actually, there should not be problems with DAC rights for user 'proxy', > > I found that Squid reads the keys as root. But there may be problems > > with MAC rights for Squid, if any enabled by default. As you use Ubuntu, > > you should check AppArmor logs for problems indication. > > > > The same error may appear, if path or filename is misspelled. > > > > Or if the key= parameter is listed before the cert= parameter. I have > just made that case a different (and FATAL) error on config loading. > > After loading the cert and key from the relevant files, Squid verifies > that they are a matching pair. This message is output if for any reason > that check fails, or the loading fails. > > Amos > > _______________________________________________ > squid-users mailing list > [hidden email] <http:///user/SendEmail.jtp?type=node&node=4680457&i=0> > http://lists.squid-cache.org/listinfo/squid-users > > > ------------------------------ > If you reply to this email, your message will be added to the discussion > below: > http://squid-web-proxy-cache.1019090.n4.nabble.com/No- > valid-signing-SSL-certificate-configured-for-HTTPS-port- > tp4680434p4680457.html > To unsubscribe from No valid signing SSL certificate configured for > HTTPS_port, click here > <http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4680434&code=aXRkaXJlY3Rjb25zdWx0aW5nQGdtYWlsLmNvbXw0NjgwNDM0fDEyODAwNzUyMQ==> > . > NAML > <http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/No-valid-signing-SSL-certificate-configured-for-HTTPS-port-tp4680434p4680459.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
