No valid signing SSL certificate configured for HTTPS_port [::]:3128 (SSL Bump)


Hi,

I am facing an issue with Squid 3.5 with SSL Bump configuration. I already configured it without SSL bump and it works fine, but after configuring the intercept process it shows the below error:

No valid signing SSL certificate configured for HTTPS_port [::]:3128

Below is a snippet from the Squid configuration file:

https_port 3128 intercept ssl-bump \
  generate-host-certificates=on \
  dynamic_cert_mem_cache_size=4MB \
  cert=/etc/squid/ssl_cert/myCA.pem

# For squid 3.5.x
sslcrtd_program /usr/lib64/squid/ssl_crtd  -s /var/lib/ssl_db -M 4MB

acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

I used the below link as a guide in creating the certificate:
http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit

Moreover, below is the result of the squid -k command:

2017/05/09 09:38:26| Startup: Initializing Authentication Schemes ...
2017/05/09 09:38:26| Startup: Initialized Authentication Scheme 'basic'
2017/05/09 09:38:26| Startup: Initialized Authentication Scheme 'digest'
2017/05/09 09:38:26| Startup: Initialized Authentication Scheme 'negotiate'
2017/05/09 09:38:26| Startup: Initialized Authentication Scheme 'ntlm'
2017/05/09 09:38:26| Startup: Initialized Authentication.
2017/05/09 09:38:26| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2017/05/09 09:38:26| Processing: acl localnet src 172.16.10.0/24        # RFC1918 possible internal network
2017/05/09 09:38:26| Processing: acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
2017/05/09 09:38:26| Processing: acl localnet src fc00::/7       # RFC 4193 local private network range
2017/05/09 09:38:26| Processing: acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
2017/05/09 09:38:26| Processing: acl SSL_ports port 443
2017/05/09 09:38:26| Processing: acl Safe_ports port 80         # http
2017/05/09 09:38:26| Processing: acl Safe_ports port 21         # ftp
2017/05/09 09:38:26| Processing: acl Safe_ports port 443                # https
2017/05/09 09:38:26| Processing: acl Safe_ports port 70         # gopher
2017/05/09 09:38:26| Processing: acl Safe_ports port 210                # wais
2017/05/09 09:38:26| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2017/05/09 09:38:26| Processing: acl Safe_ports port 280                # http-mgmt
2017/05/09 09:38:26| Processing: acl Safe_ports port 488                # gss-http
2017/05/09 09:38:26| Processing: acl Safe_ports port 591                # filemaker
2017/05/09 09:38:26| Processing: acl Safe_ports port 777                # multiling http
2017/05/09 09:38:26| Processing: acl CONNECT method CONNECT
2017/05/09 09:38:26| Processing: http_access deny !Safe_ports
2017/05/09 09:38:26| Processing: http_access deny CONNECT !SSL_ports
2017/05/09 09:38:26| Processing: http_access allow localhost manager
2017/05/09 09:38:26| Processing: http_access deny manager
2017/05/09 09:38:26| Processing: http_access allow localnet
2017/05/09 09:38:26| Processing: http_access allow localhost
2017/05/09 09:38:26| Processing: http_access deny all
2017/05/09 09:38:26| Processing: https_port 3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
2017/05/09 09:38:26| Starting Authentication on port [::]:3128
2017/05/09 09:38:26| Disabling Authentication on port [::]:3128 (interception enabled)
2017/05/09 09:38:26| Processing: sslcrtd_program /usr/lib64/squid/ssl_crtd  -s /var/lib/ssl_db -M 4MB
2017/05/09 09:38:26| Processing: acl step1 at_step SslBump1
2017/05/09 09:38:26| Processing: ssl_bump peek step1
2017/05/09 09:38:26| Processing: ssl_bump bump all
2017/05/09 09:38:26| Processing: cache_dir ufs /var/spool/squid 100 16 256
2017/05/09 09:38:26| Processing: coredump_dir /var/spool/squid
2017/05/09 09:38:26| Processing: refresh_pattern ^ftp:          1440    20%     10080
2017/05/09 09:38:26| Processing: refresh_pattern ^gopher:       1440    0%      1440
2017/05/09 09:38:26| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
2017/05/09 09:38:26| Processing: refresh_pattern .              0       20%     4320
2017/05/09 09:38:26| Initializing https proxy context
2017/05/09 09:38:26| Initializing https_port [::]:3128 SSL context
2017/05/09 09:38:26| Using certificate in /etc/squid/ssl_cert/myCA.pem
FATAL: No valid signing SSL certificate configured for HTTPS_port [::]:3128
Squid Cache (Version 3.5.20): Terminated abnormally.
CPU Usage: 0.027 seconds = 0.013 user + 0.014 sys
Maximum Resident Size: 37264 KB
Page faults with physical i/o: 0

I already googled this issue and found a similar issue that was solved by setting SELinux to permissive and rebooting. I already did the same but it's still not working. Please advise.

Thanks and Regards,

Mohammed AL-Jakri

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
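An added example, not part of the original post: the configuration above passes cert= without key=, and Squid's port documentation says the cert= file is then assumed to be a combined certificate and key file, so one thing to rule out is a PEM that lacks the private key or holds a key that does not match the certificate. The function name check_signing_pem and its return codes are hypothetical, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# check_signing_pem FILE
# Checks that FILE can serve as a combined signing certificate + private key
# file, as expected when cert= is given without key=.
# Return codes (hypothetical, chosen for this example):
#   0 ok, 1 unreadable, 2 no certificate block, 3 no private key block,
#   4 certificate does not parse, 5 key does not parse (or is encrypted),
#   6 key does not belong to the certificate
check_signing_pem() {
    pem=$1

    # Run this as the account Squid runs as: -r tests the current user only.
    [ -r "$pem" ] || { echo "cannot read $pem"; return 1; }

    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" \
        || { echo "no CERTIFICATE block in $pem"; return 2; }

    grep -Eq -e '-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$pem" \
        || { echo "no PRIVATE KEY block in $pem"; return 3; }

    # Public key as recorded in the certificate.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) \
        || { echo "certificate in $pem does not parse"; return 4; }

    # Public key derived from the private key. The empty passphrase makes an
    # encrypted key fail here instead of prompting.
    key_pub=$(openssl pkey -in "$pem" -pubout -passin pass: 2>/dev/null) \
        || { echo "private key in $pem does not parse or is encrypted"; return 5; }

    [ "$cert_pub" = "$key_pub" ] \
        || { echo "private key does not match certificate in $pem"; return 6; }

    echo "ok: $pem holds a certificate and its matching private key"
    return 0
}

# Stand-alone use: sh check.sh /path/to/file.pem
if [ $# -gt 0 ]; then
    check_signing_pem "$1"
fi
```

A result of 3 means the key lives in a separate file, which would have to be appended to the PEM or supplied through key=.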
