[squid-users] OWA SSL problem

From: Rakesh Jha <rakesh_at_burgan.com>
Date: Wed, 28 Jan 2009 09:53:27 +0300

Hi,
Recently I renewed the SSL certificate, and since then I have been facing
a problem. If I start squid with "-DYNCd3", I enter the pass phrase
correctly and https acceleration works OK. But it does not work when I start
squid without any flag / option.

Please see below -

[root_at_Squid-Rev logs]# ../../sbin/squid -DYNCd3
2009/01/28 09:23:43| Initializing https proxy context
2009/01/28 09:23:43| Initializing https_port 10.1.1.100:443 SSL context
2009/01/28 09:23:43| Using certificate in /usr/local/ssl/mail.domain.com.crt
2009/01/28 09:23:43| Using private key in /usr/local/ssl/mail.domain.com.key
Enter PEM pass phrase:
2009/01/28 09:23:48| Starting Squid Cache version 3.0.PRE5 for i686-pc-linux-gnu...
2009/01/28 09:23:48| Process ID 2713
2009/01/28 09:23:48| With 1024 file descriptors available
2009/01/28 09:23:48| DNS Socket created at 0.0.0.0, port 1083, FD 4
2009/01/28 09:23:48| Adding domain localdomain from /etc/resolv.conf
2009/01/28 09:23:48| Adding nameserver 196.1.69.98 from /etc/resolv.conf
2009/01/28 09:23:48| Adding nameserver 196.1.69.99 from /etc/resolv.conf
2009/01/28 09:23:48| Adding nameserver 10.1.1.104 from /etc/resolv.conf
2009/01/28 09:23:48| Adding nameserver 168.187.78.18 from /etc/resolv.conf
2009/01/28 09:23:48| Adding nameserver 168.187.198.11 from /etc/resolv.conf
2009/01/28 09:23:48| Adding nameserver 168.187.198.12 from /etc/resolv.conf
2009/01/28 09:23:48| Unlinkd pipe opened on FD 9
2009/01/28 09:23:48| Swap maxSize 102400 KB, estimated 7876 objects
2009/01/28 09:23:48| Target number of buckets: 393
2009/01/28 09:23:48| Using 8192 Store buckets
2009/01/28 09:23:48| Max Mem size: 8192 KB
2009/01/28 09:23:48| Max Swap size: 102400 KB
2009/01/28 09:23:48| Rebuilding storage in /usr/local/squid/var/cache (CLEAN)
2009/01/28 09:23:48| Using Least Load store dir selection
2009/01/28 09:23:48| Set Current Directory to /usr/local/squid/var/cache
2009/01/28 09:23:48| Loaded Icons.
2009/01/28 09:23:48| Accepting HTTPS connections at 10.1.1.100, port 443, FD 10.
2009/01/28 09:23:48| Accepting ICP messages at 0.0.0.0, port 3130, FD 11.
2009/01/28 09:23:48| WCCP Disabled.
2009/01/28 09:23:48| Configuring Parent mail.domain.com/80/0
2009/01/28 09:23:48| Ready to serve requests.
2009/01/28 09:24:02| Done scanning /usr/local/squid/var/cache swaplog (0 entries)
2009/01/28 09:24:02| Finished rebuilding storage from disk.
2009/01/28 09:24:02| 0 Entries scanned
2009/01/28 09:24:02| 0 Invalid entries.
2009/01/28 09:24:02| 0 With invalid flags.
2009/01/28 09:24:02| 0 Objects loaded.
2009/01/28 09:24:02| 0 Objects expired.
2009/01/28 09:24:02| 0 Objects cancelled.
2009/01/28 09:24:02| 0 Duplicate URLs purged.
2009/01/28 09:24:02| 0 Swapfile clashes avoided.
2009/01/28 09:24:02| Took 14.3 seconds ( 0.0 objects/sec).
2009/01/28 09:24:02| Beginning Validation Procedure
2009/01/28 09:24:02| Completed Validation Procedure
2009/01/28 09:24:02| Validated 25 Entries
2009/01/28 09:24:02| store_swap_size = 0
2009/01/28 09:24:02| storeLateRelease: released 0 objects
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

When I start like -
[root_at_Squid-Rev logs]# ../../sbin/squid
Enter PEM pass phrase:
[root_at_Squid-Rev logs]#

Cache.log registers errors. Please see the following -

2009/01/28 09:42:31| Initializing https proxy context
2009/01/28 09:42:31| Initializing https_port 10.1.1.100:443 SSL context
2009/01/28 09:42:31| Using certificate in /usr/local/ssl/mail.domain.com.crt
2009/01/28 09:42:31| Using private key in /usr/local/ssl/mail.domain.com.key
2009/01/28 09:42:42| Initializing https proxy context
2009/01/28 09:42:42| Initializing https_port 10.1.1.100:443 SSL context
2009/01/28 09:42:42| Using certificate in /usr/local/ssl/mail.domain.com.crt
2009/01/28 09:42:42| Using private key in /usr/local/ssl/mail.domain.com.key
2009/01/28 09:42:42| Failed to acquire SSL private key '/usr/local/ssl/mail.domain.com.key': error:0906406D:PEM routines:DEF_CALLBACK:problems getting password
2009/01/28 09:42:42| Starting Squid Cache version 3.0.PRE5 for i686-pc-linux-gnu...
2009/01/28 09:42:42| Process ID 2734
2009/01/28 09:42:42| With 1024 file descriptors available
2009/01/28 09:42:42| Performing DNS Tests...
2009/01/28 09:42:42| Successful DNS name lookup tests...
2009/01/28 09:42:42| DNS Socket created at 0.0.0.0, port 1083, FD 6
2009/01/28 09:42:42| Adding domain localdomain from /etc/resolv.conf
2009/01/28 09:42:42| Adding nameserver 196.1.69.98 from /etc/resolv.conf
2009/01/28 09:42:42| Adding nameserver 196.1.69.99 from /etc/resolv.conf
2009/01/28 09:42:42| Adding nameserver 10.1.1.104 from /etc/resolv.conf
2009/01/28 09:42:42| Adding nameserver 168.187.78.18 from /etc/resolv.conf
2009/01/28 09:42:42| Adding nameserver 168.187.198.11 from /etc/resolv.conf
2009/01/28 09:42:42| Adding nameserver 168.187.198.12 from /etc/resolv.conf
2009/01/28 09:42:42| Unlinkd pipe opened on FD 11
2009/01/28 09:42:42| Swap maxSize 102400 KB, estimated 7876 objects
2009/01/28 09:42:42| Target number of buckets: 393
2009/01/28 09:42:42| Using 8192 Store buckets
2009/01/28 09:42:42| Max Mem size: 8192 KB
2009/01/28 09:42:42| Max Swap size: 102400 KB
2009/01/28 09:42:42| Rebuilding storage in /usr/local/squid/var/cache (CLEAN)
2009/01/28 09:42:42| Using Least Load store dir selection
2009/01/28 09:42:42| Set Current Directory to /usr/local/squid/var/cache
2009/01/28 09:42:42| Loaded Icons.
2009/01/28 09:42:42| Can not accept HTTPS connections at 10.1.1.100, port 443
2009/01/28 09:42:42| Accepting HTTPS connections at 10.1.1.100, port 443, FD 12.
2009/01/28 09:42:42| Accepting ICP messages at 0.0.0.0, port 3130, FD 13.
2009/01/28 09:42:42| WCCP Disabled.
2009/01/28 09:42:42| Configuring Parent mail.domain.com/80/0
2009/01/28 09:42:42| Ready to serve requests.
2009/01/28 09:42:48| Done scanning /usr/local/squid/var/cache swaplog (0 entries)
2009/01/28 09:42:48| Finished rebuilding storage from disk.
2009/01/28 09:42:48| 0 Entries scanned
2009/01/28 09:42:48| 0 Invalid entries.
2009/01/28 09:42:48| 0 With invalid flags.
2009/01/28 09:42:48| 0 Objects loaded.
2009/01/28 09:42:48| 0 Objects expired.
2009/01/28 09:42:48| 0 Objects cancelled.
2009/01/28 09:42:48| 0 Duplicate URLs purged.
2009/01/28 09:42:48| 0 Swapfile clashes avoided.
2009/01/28 09:42:48| Took 6.1 seconds ( 0.0 objects/sec).
2009/01/28 09:42:48| Beginning Validation Procedure
2009/01/28 09:42:48| Completed Validation Procedure
2009/01/28 09:42:48| Validated 25 Entries
2009/01/28 09:42:48| store_swap_size = 0
2009/01/28 09:42:49| storeLateRelease: released 0 objects
2009/01/28 09:43:17| httpsAccept: Error allocating handle: error:0906A068:PEM routines:PEM_do_header:bad password read
2009/01/28 09:43:17| httpsAccept: Error allocating handle: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
2009/01/28 09:43:17| httpsAccept: Error allocating handle: error:140BA0C3:SSL routines:SSL_new:null ssl ctx
2009/01/28 09:44:07| httpsAccept: Error allocating handle: error:140BA0C3:SSL routines:SSL_new:null ssl ctx
2009/01/28 09:44:07| httpsAccept: Error allocating handle: error:140BA0C3:SSL routines:SSL_new:null ssl ctx
2009/01/28 09:44:07| httpsAccept: Error allocating handle: error:140BA0C3:SSL routines:SSL_new:null ssl ctx

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Please suggest what is wrong with the new certificate. Is there any problem
with the pass phrase? If I go back to the old certificate I face no error.

Thanks,
Rakesh Kumar
Received on Wed Jan 28 2009 - 06:53:41 MST
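
The OpenSSL errors in the log above ("problems getting password", "bad password read") are raised when a pass-phrase-protected PEM key is loaded and the prompt cannot be answered. As an added example that is not part of the original post: a header-only check for whether a key file is encrypted, plus a count of such failures in cache.log. The function names and the sample files (new.key, old.key, cache.log) are constructed for illustration.

```shell
#!/bin/sh
# Added example: header-only checks, no key material is parsed or decrypted.

# Print "encrypted", "plaintext" or "unknown" for a PEM private key file.
pem_key_state() {
    [ -r "$1" ] || { echo unknown; return 2; }
    # PKCS#8 encrypted container
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted; return 0
    fi
    # Traditional format: encryption is flagged in a Proc-Type header line
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted; return 0
    fi
    if grep -Eq -e '-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' "$1"; then
        echo plaintext; return 0
    fi
    echo unknown; return 1
}

# Count cache.log lines showing a pass phrase prompt that could not be answered.
count_passphrase_failures() {
    grep -c -E 'problems getting password|bad password read' "$1" || true
}

# Write constructed sample inputs (headers only, key bodies are placeholders).
make_samples() {
    dir=$1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$dir/new.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$dir/old.key"
    printf '%s\n' \
        "2009/01/28 09:42:42| Failed to acquire SSL private key '/usr/local/ssl/mail.domain.com.key': error:0906406D:PEM routines:DEF_CALLBACK:problems getting password" \
        '2009/01/28 09:42:42| Ready to serve requests.' \
        '2009/01/28 09:43:17| httpsAccept: Error allocating handle: error:0906A068:PEM routines:PEM_do_header:bad password read' \
        > "$dir/cache.log"
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "new.key: $(pem_key_state "$tmp/new.key")"
echo "old.key: $(pem_key_state "$tmp/old.key")"
echo "prompt failures in cache.log: $(count_passphrase_failures "$tmp/cache.log")"
rm -rf "$tmp"
```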
