On 5/04/19 12:37 am, Davide Belloni wrote: > Hi, > this is the certificate that I'm using at the moment: > AFAICS the pieces Squid-4 needs for your config and checks for are all there. Are the pieces correctly ordered in the .pem file? key first, then CA cert. > > On Thu, 4 Apr 2019 at 12:57, Davide Belloni wrote: > > Hi, thanks very much for all the advices! > About the action to generate the certificate I've followed the squid > wiki, that doesn't modify (if I remember correctly) openssl conf to > create it . > > Do you have some link to a good howto about that? > Ah, we have several how-to's in the wiki. The SSL-Bump documentation has an example. The ConfigExamples section has one for self-signed root CA like yours, one for intermediate CA signing cert, and one for a wildcard domain cert. The one most relevant to what you have is: <https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Features.2FDynamicSslCert.Create_Self-Signed_Root_CA_Certificate> If this already matches what you are doing, and the PEM file content is correct, and that context creation ERROR still shows up. Then your next step would be to start Squid with the -X command line option and see if anything more specific about it shows up. (This will produce a huge amount of debug info, but you only need the startup sequence where the ERROR shows up. It should not be necessary to send traffic until the context is working.) Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
