Hi,

I am facing an issue with Squid 3.5 with SSL Bump configuration. I already configured it without SSL bump and it works fine, but after configuring the intercept process it shows the error below:

    No valid signing SSL certificate configured for HTTPS_port [::]:3128

Below is a snippet from the Squid configuration file:

    https_port 3128 intercept ssl-bump \
      generate-host-certificates=on \
      dynamic_cert_mem_cache_size=4MB \
      cert=/etc/squid/ssl_cert/myCA.pem

    # For squid 3.5.x
    sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB

    acl step1 at_step SslBump1

    ssl_bump peek step1
    ssl_bump bump all

I used the link below as a guide in creating the certificate:

http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit

Moreover, below is the result of the squid -k command:

    2017/05/09 09:38:26| Startup: Initializing Authentication Schemes ...
    2017/05/09 09:38:26| Startup: Initialized Authentication Scheme 'basic'
    2017/05/09 09:38:26| Startup: Initialized Authentication Scheme 'digest'
    2017/05/09 09:38:26| Startup: Initialized Authentication Scheme 'negotiate'
    2017/05/09 09:38:26| Startup: Initialized Authentication Scheme 'ntlm'
    2017/05/09 09:38:26| Startup: Initialized Authentication.
    2017/05/09 09:38:26| Processing Configuration File: /etc/squid/squid.conf (depth 0)
    2017/05/09 09:38:26| Processing: acl localnet src 172.16.10.0/24 # RFC1918 possible internal network
    2017/05/09 09:38:26| Processing: acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    2017/05/09 09:38:26| Processing: acl localnet src fc00::/7 # RFC 4193 local private network range
    2017/05/09 09:38:26| Processing: acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
    2017/05/09 09:38:26| Processing: acl SSL_ports port 443
    2017/05/09 09:38:26| Processing: acl Safe_ports port 80 # http
    2017/05/09 09:38:26| Processing: acl Safe_ports port 21 # ftp
    2017/05/09 09:38:26| Processing: acl Safe_ports port 443 # https
    2017/05/09 09:38:26| Processing: acl Safe_ports port 70 # gopher
    2017/05/09 09:38:26| Processing: acl Safe_ports port 210 # wais
    2017/05/09 09:38:26| Processing: acl Safe_ports port 1025-65535 # unregistered ports
    2017/05/09 09:38:26| Processing: acl Safe_ports port 280 # http-mgmt
    2017/05/09 09:38:26| Processing: acl Safe_ports port 488 # gss-http
    2017/05/09 09:38:26| Processing: acl Safe_ports port 591 # filemaker
    2017/05/09 09:38:26| Processing: acl Safe_ports port 777 # multiling http
    2017/05/09 09:38:26| Processing: acl CONNECT method CONNECT
    2017/05/09 09:38:26| Processing: http_access deny !Safe_ports
    2017/05/09 09:38:26| Processing: http_access deny CONNECT !SSL_ports
    2017/05/09 09:38:26| Processing: http_access allow localhost manager
    2017/05/09 09:38:26| Processing: http_access deny manager
    2017/05/09 09:38:26| Processing: http_access allow localnet
    2017/05/09 09:38:26| Processing: http_access allow localhost
    2017/05/09 09:38:26| Processing: http_access deny all
    2017/05/09 09:38:26| Processing: https_port 3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem
    2017/05/09 09:38:26| Starting Authentication on port [::]:3128
    2017/05/09 09:38:26| Disabling Authentication on port [::]:3128 (interception enabled)
    2017/05/09 09:38:26| Processing: sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
    2017/05/09 09:38:26| Processing: acl step1 at_step SslBump1
    2017/05/09 09:38:26| Processing: ssl_bump peek step1
    2017/05/09 09:38:26| Processing: ssl_bump bump all
    2017/05/09 09:38:26| Processing: cache_dir ufs /var/spool/squid 100 16 256
    2017/05/09 09:38:26| Processing: coredump_dir /var/spool/squid
    2017/05/09 09:38:26| Processing: refresh_pattern ^ftp: 1440 20% 10080
    2017/05/09 09:38:26| Processing: refresh_pattern ^gopher: 1440 0% 1440
    2017/05/09 09:38:26| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    2017/05/09 09:38:26| Processing: refresh_pattern . 0 20% 4320
    2017/05/09 09:38:26| Initializing https proxy context
    2017/05/09 09:38:26| Initializing https_port [::]:3128 SSL context
    2017/05/09 09:38:26| Using certificate in /etc/squid/ssl_cert/myCA.pem
    FATAL: No valid signing SSL certificate configured for HTTPS_port [::]:3128
    Squid Cache (Version 3.5.20): Terminated abnormally.
    CPU Usage: 0.027 seconds = 0.013 user + 0.014 sys
    Maximum Resident Size: 37264 KB
    Page faults with physical i/o: 0

I already googled this issue and found a similar issue that was solved by setting SELinux to permissive and rebooting. I already did the same, but it's still not working.

Please advise.

Thanks and Regards,
Mohammed AL-Jakri
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users