Re: [squid-users] FATAL: No valid signing SSL certificate configured for https_port

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 03 Jul 2014 18:36:57 +1200

On 2014-07-03 06:16, Eliezer Croitoru wrote:
> Hey Amos,
>
> I was thinking about something in the past and I will try my best to
> understand what can be done.
> Basically from what I understand even a read is not possible due to
> SELinux by squid.
> So by that: A simple file "open" for read test on the certificates or
> even any other settings related files basic test can help to identify
> issues.
>
> What do you think about a basic "read"(and maybe a stat on the file
> for debug) test for all the main files?
> Compared to squid load this would be a piece of cake.
>
> Specifically for the certificate is one thing since OpenSSL doesn't
> provide too much.
>
> A pointer to find where the certificate read happens will be helpful.

The cache.cf.cc function DoConfigure is the best place to start for that
check currently. It contains some for-loops initializing each http_port
and https_port entry's SSL context. You may put the test directly in
those loops, or inside the SSL context setup function they call.

Amos
Received on Thu Jul 03 2014 - 06:37:06 MDT
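
The read-and-stat preflight discussed in this thread, sketched as an added example that is not part of either message and is not Squid code. The names probeReadable() and ProbeResult are hypothetical; the check reports which step failed and the errno, so a permission or SELinux denial shows up as EACCES on a named file instead of a generic certificate error.

```cpp
// Added example (hypothetical helper, not from the Squid source tree).
#include <cerrno>
#include <cstring>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

struct ProbeResult {
    bool ok;              // true when the file could be stat'ed, opened and read
    std::string stage;    // "stat", "type", "empty", "open", "read" or "done"
    int err;              // errno captured at the failing stage, 0 otherwise
    std::string message;  // one line suitable for a startup log
};

static ProbeResult fail(const char *stage, int err, const std::string &path,
                        const std::string &why) {
    return {false, stage, err, "cannot use " + path + " (" + stage + "): " + why};
}

ProbeResult probeReadable(const std::string &path) {
    struct stat sb;
    if (stat(path.c_str(), &sb) != 0)  // also fails with EACCES if getattr/search is denied
        return fail("stat", errno, path, std::strerror(errno));
    if (!S_ISREG(sb.st_mode))
        return fail("type", 0, path, "not a regular file");
    if (sb.st_size == 0)
        return fail("empty", 0, path, "file is empty");

    const int fd = open(path.c_str(), O_RDONLY);
    if (fd < 0) {
        const int e = errno;
        std::string why = std::strerror(e);
        // Readable mode bits plus EACCES points away from plain file permissions.
        if (e == EACCES && (sb.st_mode & S_IROTH))
            why += "; mode bits allow read, check directory permissions and MAC policy (e.g. SELinux)";
        return fail("open", e, path, why);
    }
    char buf[64];
    ssize_t n;
    do { n = read(fd, buf, sizeof(buf)); } while (n < 0 && errno == EINTR);
    const int e = errno;  // save before close() can overwrite it
    close(fd);
    if (n < 0)
        return fail("read", e, path, std::strerror(e));
    return {true, "done", 0, path + " is readable (" + std::to_string(sb.st_size) + " bytes)"};
}
```

Such a probe has to run as the same user and in the same security context as the proxy process, otherwise it can succeed where the real certificate load is denied.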
