Re: [squid-users] Dynamic Certs - No Valid SSL Signing Cert

From: Ahmed Talha Khan <auny87_at_gmail.com>
Date: Thu, 18 Oct 2012 09:22:38 +0500

Try giving the key=/path-to-key directive. It would be the same as
cert if you have them in the same file.

On Thu, Oct 18, 2012 at 12:09 AM, Jesse Smith <jessesmith_at_affinitygs.com> wrote:
> When trying to generate dynamic certs using ssl-bump and Squid 3.3, we are
> getting the "No Valid SSL Signing Cert .." message, though the path to the
> cert is correct, as are the permissions on the cert file.
>
> We are trying to use a CA cert for the purpose of signing the dynamically
> generated cert. The Squid config for the https port is below:
>
> =============================================================
> https_port 10.1.10.136:443 ssl-bump intercept generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/usr/local/squid/var/ssl_db/certs/DigiCertHighAssuranceEVRootCA.crt
> vhost
> =============================================================
>
> Does anyone know why this cert would not be a valid signing cert? It works
> when using a self-signed cert, but we get the message Protocol error (TLS code:
> X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT), because the signing cert is not
> trusted to sign the generated cert, hence going with the CA cert for trusted
> signing.
>
> Thanks,
> Jesse

-- 
Regards,
-Ahmed Talha Khan
Received on Thu Oct 18 2012 - 04:22:45 MDT
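
An added example, not part of the original thread or of Squid: a Python check that follows the advice in the reply, reading the cert= and key= options from an https_port line and reporting when the file the signing key is expected in has no PEM private key block. It assumes key= falls back to the cert= file when omitted; the function names and the temporary PEM files are constructed for illustration, and only PEM labels are inspected, not whether the key matches the certificate.

```python
import re
import tempfile
from pathlib import Path

# PEM labels that mark a private key block (PKCS#1, SEC1, PKCS#8, encrypted PKCS#8).
KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def port_options(directive):
    """Return the name=value options of an https_port line (may be wrapped)."""
    pairs = (token.partition("=") for token in directive.split())
    return {name: value for name, sep, value in pairs if sep}

def pem_labels(path):
    """Return the set of PEM block labels found in a file."""
    return set(PEM_BEGIN.findall(Path(path).read_text(errors="replace")))

def check_signing_material(directive):
    """List problems with the cert=/key= pair used to sign generated certs."""
    opts = port_options(directive)
    cert = opts.get("cert")
    if cert is None:
        return ["no cert= option on the port line"]
    key = opts.get("key", cert)  # without key=, the cert= file must hold the key too
    problems = []
    if "CERTIFICATE" not in pem_labels(cert):
        problems.append(f"{cert}: no CERTIFICATE block")
    if not KEY_LABELS & pem_labels(key):
        problems.append(f"{key}: no private key block")
    return problems

def demo():
    """Run the check on constructed files: cert-only PEM vs. combined cert+key PEM."""
    # Placeholder bodies, not real key material; only the block labels are inspected.
    cert_block = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    key_block = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
    with tempfile.TemporaryDirectory() as d:
        ca_only, combined = Path(d, "ca-only.crt"), Path(d, "ca-combined.pem")
        ca_only.write_text(cert_block)
        combined.write_text(cert_block + key_block)
        port = "https_port 10.1.10.136:443 ssl-bump intercept generate-host-certificates=on\n"
        return (check_signing_material(f"{port}cert={ca_only}"),
                check_signing_material(f"{port}cert={combined}"),
                check_signing_material(f"{port}cert={ca_only} key={combined}"))

if __name__ == "__main__":
    for problems in demo():
        print(problems or "ok")
```

A certificate-only file, such as a downloaded public root CA certificate, fails the second check because its private key is not in the file.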
