On Mon, 9 Feb 2004, Kent, Mr. John (Contractor) wrote: > Henrik and Brian, > > As recommended, I created certificates and keys for my > Squid server using openssl > > Created certificate: > >openssl genrsa -des3 -out webcache2.key 1024
This generates an encryted RSA key of 1024 bits. Squid can not load encrypted RSA keys unless you start it with the -N option. Recommend to decrypt the key unless you actually want to have to enter the encryption key manually each time Squid is restarted. > Created CSR: > >openssl req -new -key webcache2.key -out webcache2.csr > > Then Signed it: > >openssl x509 -req -days 3650 -in webcache2.csr -signkey webcache2.key -out > >webcache2.crt This generates the certificate. > Modified my squid.conf file by adding the following line > https_port 199.9.2.137:443 cert=/users/webuser/squid3.0/conf/ssl.crt/webcache2.crt > key=/users/webuser/squid > 3.0/conf/ssl.key/webcache2.key > > When I go to start Squid get: > bash-2.05$ ./squid > 2004/02/09 15:14:51| Failed to acquire SSL certificate > '/users/webuser/squid3.0/conf/ssl.crt/webcache2.crt': error:02001002:system > library:fopen:No such file or directory > FATAL: Bungled squid.conf line 135: https_port 199.9.2.137:443 > cert=/users/webuser/squid3.0/conf/ssl.crt/webcache2.crt > key=/users/webuser/squid3.0/conf/ssl.key/webcache2.key The error indiates that /users/webuser/squid3.0/conf/ssl.crt/webcache2.crt does not exists, or maybe that Squid does not have permission to enter the directory. Maybe more information is given if you start Squid with the -X flag. Regards Henrik
