Hello,

I need to use my company's certificate as the signing certificate in the 'cert' argument of the http_port/https_port options.

I can generate and use a self-signed cert as described in the Squid manuals. All works fine. BUT when I try to use my company's cert with the correct RSA private key, an error occurs in Squid:

FATAL: FATAL: No valid signing SSL certificate configured for HTTPS_port 192.168.1.1:3128

I've debugged some and recognized that:

1. readCertChainAndPrivateKeyFromFiles() fails when it calls X509_check_private_key(cert.get(), pkey.get()). Warn/Err message: "X509_check_private_key() failed to verify signing cert"
2. The OpenSSL function X509_check_private_key(cert.get(), pkey.get()) fails with X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH);

I've checked my cert's private key with the openssl utility - it's OK. Also, my cert (which is set in the cert= option) is not self-signed and is issued by another cert. The whole cert chain is 3 certificates.

I've tried to combine all 3 certs in 1 file in the correct order:

-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: )
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----

And other combinations too: separating the private key from the cert file and giving it in the key= option. No success - always the same error.

So, questions:

1) How can I use my cert chain as the RootCA cert for signing generated server certificates?
2) Why did such an error occur?
3) Maybe there is a requirement on such a cert that it must be self-signed?

Thanks.
_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
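X509_check_private_key() succeeds only when the public key inside the certificate is the public half of the private key it is given, so a KEY_VALUES_MISMATCH can be narrowed down by comparing the key against every certificate in the bundle. The script below is an added example, not part of the original post and not Squid code; the function names find_matching_cert and make_sample are hypothetical, and the three certificates are constructed, unrelated self-signed stand-ins for the chain described above.

```shell
#!/bin/sh
# Added example (not Squid code): find which certificate in a PEM bundle
# belongs to a private key, by comparing public keys with the openssl CLI.

# Print the 1-based position of every certificate in BUNDLE whose public key
# matches KEY. Returns 0 if at least one matches, 1 if none does.
find_matching_cert() {
    key=$1; bundle=$2; found=1
    work=$(mktemp -d) || return 2
    # Split the bundle into one PEM file per certificate, keeping file order.
    awk -v d="$work" '
        /-----BEGIN CERTIFICATE-----/ { n++; keep = 1 }
        keep { print > (d "/" n ".pem") }
        /-----END CERTIFICATE-----/   { keep = 0 }' "$bundle"
    # Public half of the private key, as a PEM SubjectPublicKeyInfo block.
    want=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    i=1
    while [ -f "$work/$i.pem" ]; do
        have=$(openssl x509 -in "$work/$i.pem" -noout -pubkey 2>/dev/null)
        if [ -n "$want" ] && [ "$have" = "$want" ]; then
            echo "$i"; found=0
        fi
        i=$((i + 1))
    done
    rm -rf "$work"
    return $found
}

# Constructed sample data: three unrelated self-signed certificates standing in
# for "primary", "intermediate" and "root", concatenated in that order.
make_sample() {
    dir=$1
    for name in primary intermediate root; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name.example" \
            -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null || return 1
    done
    cat "$dir/primary.crt" "$dir/intermediate.crt" "$dir/root.crt" > "$dir/bundle.pem"
}

demo=$(mktemp -d)
make_sample "$demo"
for name in primary intermediate root; do
    echo "$name.key matches certificate #$(find_matching_cert "$demo/$name.key" "$demo/bundle.pem")"
done
rm -rf "$demo"
```

Run against a real key and bundle, an empty result means the key belongs to none of the certificates in the file.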