After logging in as the effective user and setting the cache and log ownership to this account when I launch squid I get this:
commBind: Cannot bind socket FD 12 to *:443: (13) Permission denied FATAL: Cannot open HTTP Port -----Original Message----- From: Jason Hitt [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 9:56 AM To: [email protected] Subject: RE: [squid-users] Cert issue on reserve proxy I was running squid as nobody:nogroup but made a user for squid and added it to cache_effective_user, logged in as the user and run the openssl command. Got whats below. Why does it say protocol is TLS, shouldn't it be sslv3? CONNECTED(00000004) depth=0 /CN=<url> verify error:num=18:self signed certificate verify return:1 depth=0 /CN=<url> verify return:1 --- Certificate chain 0 s:/CN=<url> i:/CN=<url> --- Server certificate -----BEGIN CERTIFICATE----- <cert info> -----END CERTIFICATE----- subject=/CN=<url> issuer=/CN=<url> --- No client certificate CA names sent --- SSL handshake has read 659 bytes and written 324 bytes --- New, TLSv1/SSLv3, Cipher is RC4-MD5 Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : RC4-MD5 Session-ID: 7E1B0000FBDFFEC0CE1EAAAAA79B9A990AEDB5D92D7F3F6A0E213610D3EDC49E Session-ID-ctx: Master-Key: <key info> Key-Arg : None Start Time: 1181055015 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) -----Original Message----- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Monday, June 04, 2007 4:37 PM To: Jason Hitt Cc: [email protected] Subject: RE: [squid-users] Cert issue on reserve proxy mån 2007-06-04 klockan 11:20 -0500 skrev Jason Hitt: > When I added it to cache_effective_user as you mentioned I states theres no > account named "openssl". I made one just to see if that's what you meant and > gave the openssl account ownership of the logs and caches as needed butI get > an abort trap. I'm stumped. Abort to do a port mirror and wireshark the ssl > exchange. I want you to run the openssl s_client command as the cache_effective_user on your Squid server, whatever that is on your server, not as root. I do not want you to change the cache_effective_user in suqid.conf at all. Just to run the openssl command as the user cache_effective_user is set to run Squid under.. Regards Henrik
