[squid-users] Problems with reverse SSL Proxy Squid 3 - Certificate related

From: Ben Keepper <ben@dont-contact.us>
Date: Tue, 03 Feb 2004 16:00:27 -0800

Hello,

My squid.conf (with a lot of help from Derek Winkler):

visible_hostname squid.keepper.net
cache_mgr ben@keepper.net
 
https_port 443 cert=/usr/local/squid/etc/server.crt key=/usr/local/squid/etc/server.key defaultsite=mail.keepper.net
 
cache_peer mail.keepper.net parent 443 0 no-query ssl proxy-only originserver login=PASS sslflags=DONT_VERIFY_PEER
 
ssl_unclean_shutdown on
acl owa-exchange urlpath_regex \/exchange(\/|$)
acl all src 0.0.0.0/0.0.0.0
acl all-dst dst 0.0.0.0/0.0.0.0
acl owa-host dst 172.16.111.235/255.255.255.255
 
http_access allow owa-host owa-exchange
http_reply_access allow all-dst
http_access deny all
http_access deny all-dst

-----------------------------------------------------

When I run /usr/local/squid/sbin/squid -z I get:

[root@benpc root]# /usr/local/squid/sbin/squid -z
2004/02/03 15:48:15| Initialising SSL.
2004/02/03 15:48:15| Using certificate in /usr/local/squid/etc/server.crt
2004/02/03 15:48:15| Using private key in /usr/local/squid/etc/server.key
Enter PEM pass phrase:
2004/02/03 15:48:19| Error error setting CA certificate locations: error:00000000:lib(0):func(0):reason(0)
2004/02/03 15:48:19| continuing anyway...
2004/02/03 15:48:19| Initialising SSL.
2004/02/03 15:48:19| NOTICE: Peer certificates are not verified for validity!
2004/02/03 15:48:19| Error error setting CA certificate locations: error:00000000:lib(0):func(0):reason(0)
2004/02/03 15:48:19| continuing anyway...
2004/02/03 15:48:19| Cache dir '/usr/local/squid/var/cache' size changed to 102400 KB
2004/02/03 15:48:19| Initialising SSL.
2004/02/03 15:48:19| Error error setting CA certificate locations: error:00000000:lib(0):func(0):reason(0)
2004/02/03 15:48:19| continuing anyway...
2004/02/03 15:48:19| Creating Swap Directories
2004/02/03 15:48:19| /usr/local/squid/var/cache exists
2004/02/03 15:48:19| /usr/local/squid/var/cache/00 exists
2004/02/03 15:48:19| Making directories in /usr/local/squid/var/cache/00
2004/02/03 15:48:19| /usr/local/squid/var/cache/01 exists
2004/02/03 15:48:19| Making directories in /usr/local/squid/var/cache/01
2004/02/03 15:48:19| /usr/local/squid/var/cache/02 exists
2004/02/03 15:48:19| Making directories in /usr/local/squid/var/cache/02
2004/02/03 15:48:20| /usr/local/squid/var/cache/03 exists
2004/02/03 15:48:20| Making directories in /usr/local/squid/var/cache/03
2004/02/03 15:48:20| /usr/local/squid/var/cache/04 exists
2004/02/03 15:48:20| Making directories in /usr/local/squid/var/cache/04
2004/02/03 15:48:20| /usr/local/squid/var/cache/05 exists
2004/02/03 15:48:20| Making directories in /usr/local/squid/var/cache/05
2004/02/03 15:48:20| /usr/local/squid/var/cache/06 exists
2004/02/03 15:48:20| Making directories in /usr/local/squid/var/cache/06
2004/02/03 15:48:20| /usr/local/squid/var/cache/07 exists
2004/02/03 15:48:20| Making directories in /usr/local/squid/var/cache/07
2004/02/03 15:48:21| /usr/local/squid/var/cache/08 exists
2004/02/03 15:48:21| Making directories in /usr/local/squid/var/cache/08
2004/02/03 15:48:21| /usr/local/squid/var/cache/09 exists
2004/02/03 15:48:21| Making directories in /usr/local/squid/var/cache/09
2004/02/03 15:48:21| /usr/local/squid/var/cache/0A exists
2004/02/03 15:48:21| Making directories in /usr/local/squid/var/cache/0A
2004/02/03 15:48:21| /usr/local/squid/var/cache/0B exists
2004/02/03 15:48:21| Making directories in /usr/local/squid/var/cache/0B
2004/02/03 15:48:21| /usr/local/squid/var/cache/0C exists
2004/02/03 15:48:21| Making directories in /usr/local/squid/var/cache/0C
2004/02/03 15:48:21| /usr/local/squid/var/cache/0D exists
2004/02/03 15:48:21| Making directories in /usr/local/squid/var/cache/0D
2004/02/03 15:48:21| /usr/local/squid/var/cache/0E exists
2004/02/03 15:48:21| Making directories in /usr/local/squid/var/cache/0E
2004/02/03 15:48:22| /usr/local/squid/var/cache/0F exists
2004/02/03 15:48:22| Making directories in /usr/local/squid/var/cache/0F

/usr/local/squid/sbin/squid:
[root@benpc root]# /usr/local/squid/sbin/squid
2004/02/03 15:48:24| Initialising SSL.
2004/02/03 15:48:24| Using certificate in /usr/local/squid/etc/server.crt
2004/02/03 15:48:24| Using private key in /usr/local/squid/etc/server.key
Enter PEM pass phrase:
2004/02/03 15:48:27| Error error setting CA certificate locations: error:00000000:lib(0):func(0):reason(0)
2004/02/03 15:48:27| continuing anyway...
2004/02/03 15:48:27| Initialising SSL.
2004/02/03 15:48:27| NOTICE: Peer certificates are not verified for validity!
2004/02/03 15:48:27| Error error setting CA certificate locations: error:00000000:lib(0):func(0):reason(0)
2004/02/03 15:48:27| continuing anyway...
2004/02/03 15:48:27| Cache dir '/usr/local/squid/var/cache' size changed to 102400 KB
2004/02/03 15:48:27| Initialising SSL.
2004/02/03 15:48:27| Error error setting CA certificate locations: error:00000000:lib(0):func(0):reason(0)
2004/02/03 15:48:27| continuing anyway...

I notice that the PC is not listening on 443.
Squid version: squid-3.0-PRE3-20040125
OpenSSL version: openssl-0.9.7b-4.1.92mdk

Any help would be appreciated.

TIA,

Ben
Received on Tue Feb 03 2004 - 17:23:53 MST
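
Added example, not part of the original post and not Squid project code: a small Python audit of the two settings the post's output points at, a TLS cache_peer that skips certificate verification (the "Peer certificates are not verified" notice) while forwarding client credentials with login=PASS, and a private key that prompts for a pass phrase at start. The function names and the sample key header are constructed for illustration; the directives are the post's own, with the wrapped lines rejoined.

```python
import re

# Constructed sample: the https_port and cache_peer directives from the post,
# each rejoined onto a single line.
SAMPLE_CONF = """\
https_port 443 cert=/usr/local/squid/etc/server.crt key=/usr/local/squid/etc/server.key defaultsite=mail.keepper.net
cache_peer mail.keepper.net parent 443 0 no-query ssl proxy-only originserver login=PASS sslflags=DONT_VERIFY_PEER
"""

# Constructed key header (no key material): a traditional OpenSSL encrypted
# PEM, the kind that produces the "Enter PEM pass phrase:" prompt.
SAMPLE_KEY = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000
"""

def parse_directives(conf_text):
    """Yield (name, args) for each non-empty, non-comment squid.conf line."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield name, args

def audit_peers(conf_text):
    """Return (peer, finding) pairs for TLS peers that skip verification."""
    findings = []
    for name, args in parse_directives(conf_text):
        if name != "cache_peer" or "ssl" not in args:
            continue
        opts = dict(a.split("=", 1) for a in args if "=" in a)
        flags = re.split(r"[:,]", opts.get("sslflags", ""))
        if "DONT_VERIFY_PEER" in flags:
            findings.append((args[0], "peer certificate not verified"))
            if "login" in opts:
                # Client credentials are relayed to a server whose identity
                # the proxy never checked.
                findings.append(
                    (args[0], "login=%s sent to unverified peer" % opts["login"]))
    return findings

def key_needs_passphrase(pem_text):
    """True if the PEM private key is encrypted (traditional or PKCS#8)."""
    return ("Proc-Type: 4,ENCRYPTED" in pem_text
            or "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text)
```

A passphrase-protected key makes the daemon wait for console input at every start, which matters for unattended restarts.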

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:01 MST