Re: No valid signing SSL certificate configured for HTTPS_port

[Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>]

On 2023-09-28 00:52, Bud Miljkovic wrote:

> # Intercept tranparent HTTPS traffic
> https_port 3129 intercept ssl-bump ssl_bump splice all

This should be refactored into two lines:

    https_port 3129 intercept ssl-bump ...
    ssl_bump splice all

After that, replace "..." above with cert=... and, optionally, other 
ssl-bump parameters from your other "https_port 3129" line below.


> # Add certificate
> https_port 3129 intercept ssl-bump ...

Remove these lines: The https_port directive does not support "adding" 
options to previously configured port. Use a single https_port directive 
per port. Same for http_port, of course.


HTH,

Alex.


> https_port 3129 intercept ssl-bump \
>     cert=/etc/squid/ssl_cert/myCA.pem \
>     generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>
> sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB
>
> #Visible hostname
> visible_hostname ctct-r2
> ```
> When the `squid.service` is started the following output is printed:
>
> ```
> Sep 28 16:17:04 ctct-r2 systemd[1]: Started Squid Proxy Server (OTA Mode).
> Sep 28 16:17:04 ctct-r2 squid[1059]: No valid signing SSL certificate 
> configured for HTTPS_port [::]:3129
> Sep 28 16:17:04 ctct-r2 squid[1059]: FATAL: No valid signing SSL 
> certificate configured for HTTPS_port [::]:3129
> Sep 28 16:17:04 ctct-r2 squid[1059]: Squid Cache (Version 3.5.25): 
> Terminated abnormally.
> Sep 28 16:17:04 ctct-r2 squid[1059]: CPU Usage: 0.040 seconds = 0.030 
> user + 0.010 sys
> Sep 28 16:17:04 ctct-r2 squid[1059]: Maximum Resident Size: 38656 KB
> ```
> Any lead is greatly appreciated.
>
> Buda
>
>
>
> --
> Budimir Miljković BSc E | He
> Senior Development Engineer
> Civil Construction Field Systems
> Trimble
>
> 11-17 Birmingham Drive, Christchurch, Canterbury, 8024
> New Zealand
> +64 3 963-5550 Direct
> +64 21 419-024 Mobile
>
> www.trimble.com <http://www.trimble.com>
>
> This email may contain confidential information that is intended only 
> for the listed recipient(s) of this email. Any unauthorized review, use, 
> disclosure or distribution is prohibited. If you believe you have 
> received this email in error, please immediately delete this email and 
> any attachments, and inform me via reply email.
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users