Henrik and Brian,

As recommended, I created certificates and keys for my
Squid server using openssl

Created certificate:
>openssl genrsa -des3 -out webcache2.key 1024


Created CSR:
>openssl req -new -key webcache2.key -out webcache2.csr


Then Signed it:
>openssl x509 -req -days 3650 -in webcache2.csr -signkey webcache2.key -out webcache2.crt


Modified my squid.conf file by adding the following line
https_port 199.9.2.137:443 cert=/users/webuser/squid3.0/conf/ssl.crt/webcache2.crt key=/users/webuser/squid3.0/conf/ssl.key/webcache2.key

When I go to start Squid I get:
bash-2.05$ ./squid
2004/02/09 15:14:51| Failed to acquire SSL certificate '/users/webuser/squid3.0/conf/ssl.crt/webcache2.crt': error:02001002:system library:fopen:No such file or directory
FATAL: Bungled squid.conf line 135: https_port 199.9.2.137:443 cert=/users/webuser/squid3.0/conf/ssl.crt/webcache2.crt key=/users/webuser/squid3.0/conf/ssl.key/webcache2.key
Squid Cache (Version 3.0-PRE3): Terminated abnormally.
CPU Usage: 0.020 seconds = 0.020 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 429
Aborted

Did a google search and found that Henrik had recommended to someone who
reported the same problem the following:

>If you use encrypted RSA keys then you must start Squid with the -N option

So tried:
bash-2.05$ ./squid -N
2004/02/09 15:16:34| Failed to acquire SSL certificate '/users/webuser/squid3.0/conf/ssl.crt/webcache2.crt': error:02001002:system library:fopen:No such file or directory
FATAL: Bungled squid.conf line 135: https_port 199.9.2.137:443 cert=/users/webuser/squid3.0/conf/ssl.crt/webcache2.crt key=/users/webuser/squid3.0/conf/ssl.key/webcache2.key
Squid Cache (Version 3.0-PRE3): Terminated abnormally.
CPU Usage: 0.010 seconds = 0.010 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 429
Aborted

And also

bash-2.05$ ./squid -v
Squid Cache: Version 3.0-PRE3
configure options: '--prefix=/users/webuser/squid3.0' '--enable-storeio=diskd,ufs' '--enable-ssl' '--with-openssl=/usr/lib'

I noticed that in the default squid.conf file it talks about
cert=certificate.pem [key=key.pem]

Does the fact that my keys and certificates end in .key cause the failure?

Thank you,
John Kent
Webmaster
Naval Research Laboratory
Monterey, CA

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Friday, February 06, 2004 7:32 PM
To: Kent, Mr. John (Contractor)
Cc: Squid_Users (E-mail)
Subject: RE: Squid Accelerator and SSL


On Fri, 6 Feb 2004, Kent, Mr. John (Contractor) wrote:

> The problem I now have is that the accelerator works perfectly and hides
> the fact that the client is connecting to an https server.


You should set up Squid as an https reverse proxy. See the https_port
directive.

Regards
Henrik
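
A pre-flight check for the `cert=` and `key=` paths on an `https_port` line like the one in the message above, added here as an illustration; it is not part of the original thread or of Squid. The function names are hypothetical. It reports whether each file exists and is readable, and whether the key's PEM header marks it as passphrase-encrypted, as a key written by `openssl genrsa -des3` is.

```shell
#!/bin/sh
# Added example (not from the thread): check the files named on an
# https_port line before starting Squid. Function names are hypothetical.

# Print the value of option $1 (cert or key) found in the config line $2.
port_opt() {
    for word in $2; do
        case $word in
            "$1"=*) printf '%s\n' "${word#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Classify a PEM file: missing | unreadable | encrypted-key | ok
pem_state() {
    [ -e "$1" ] || { echo missing; return; }
    [ -r "$1" ] || { echo unreadable; return; }
    # Traditional encrypted keys carry a Proc-Type header; PKCS#8 ones
    # use a distinct BEGIN line.
    if grep -q -e 'Proc-Type: 4,ENCRYPTED' \
               -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1"; then
        echo encrypted-key
    else
        echo ok
    fi
}

# Report on cert= and key= for one https_port line.
# Returns 1 if a named file is missing or unreadable.
check_https_port() {
    rc=0
    for opt in cert key; do
        path=$(port_opt "$opt" "$1") || { echo "$opt: not set"; continue; }
        state=$(pem_state "$path")
        echo "$opt: $state ($path)"
        case $state in missing|unreadable) rc=1 ;; esac
    done
    return $rc
}

# Usage: sh check_https_port.sh 'https_port 199.9.2.137:443 cert=... key=...'
if [ $# -gt 0 ]; then check_https_port "$*" || exit 1; fi
```

Run it as the same user that starts Squid, so the readability test reflects the permissions Squid will actually have.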