On Mon, 9 Feb 2004, Kent, Mr. John (Contractor) wrote:
> Henrik and Brian,
>
> As recommended, I created certificates and keys for my
> Squid server using openssl
>
> Created certificate:
> >openssl genrsa -des3 -out webcache2.key 1024
This generates an encryted RSA key of 1024 bits. Squid can not load
encrypted RSA keys unless you start it with the -N option. Recommend to
decrypt the key unless you actually want to have to enter the encryption
key manually each time Squid is restarted.
> Created CSR:
> >openssl req -new -key webcache2.key -out webcache2.csr
>
> Then Signed it:
> >openssl x509 -req -days 3650 -in webcache2.csr -signkey webcache2.key -out webcache2.crt
This generates the certificate.
> Modified my squid.conf file by adding the following line
> https_port 199.9.2.137:443 cert=/users/webuser/squid3.0/conf/ssl.crt/webcache2.crt key=/users/webuser/squid
> 3.0/conf/ssl.key/webcache2.key
>
> When I go to start Squid get:
> bash-2.05$ ./squid
> 2004/02/09 15:14:51| Failed to acquire SSL certificate '/users/webuser/squid3.0/conf/ssl.crt/webcache2.crt': error:02001002:system library:fopen:No such file or directory
> FATAL: Bungled squid.conf line 135: https_port 199.9.2.137:443 cert=/users/webuser/squid3.0/conf/ssl.crt/webcache2.crt key=/users/webuser/squid3.0/conf/ssl.key/webcache2.key
The error indiates that /users/webuser/squid3.0/conf/ssl.crt/webcache2.crt
does not exists, or maybe that Squid does not have permission to enter the
directory.
Maybe more information is given if you start Squid with the -X flag.
Regards
Henrik
Received on Mon Feb 09 2004 - 17:31:07 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST