Rakesh Jha wrote:
> Hi,
>
> I have squid V3 PRE5 running RHL for 2 years without any problem for
> https access to OWA. As the ssl certificate was expiring we received a
> new ssl certificate and since then I have problem. I have installed a
> new box with Squid3.0.STABLE12.
>
> When I start squid with "-DYNCD3" option I can do https to OWA but squid
> aborts after some time.
>
> And when I start squid without any option, I can not access OWA and get
> "page cannot be displayed" and cache.log registers following error when
> I do first time: https://owa
>
>
>
> 2009/02/08 16:52:27| httpsAccept: Error allocating handle:
> error:0906A068:PEM routines:PEM_do_header:bad password read
>
> 2009/02/08 16:52:27| httpsAccept: Error allocating handle:
> error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
>
> On refreshing the screen -
>
> 2009/02/08 16:52:37| httpsAccept: Error allocating handle:
> error:140BA0C3:SSL routines:SSL_new:null ssl ctx
>
> 2009/02/08 16:52:37| httpsAccept: Error allocating handle:
> error:140BA0C3:SSL routines:SSL_new:null ssl ctx
>
> What could be the problem? Please help.
>
Squid by default runs as a daemon mode. Setting up a parent process that
monitors several child processes to make sure the service is never down
for long in the event of a fatal crash.
When started like that (no special options) there may be no way for the
child process or recovered process to ask for the certificate password.
You have two options:
* ALWAYS do the manual start with options preventing daemon and
recovery mode.
* use PEM certificate that is signed but not password encrypted.
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.5Received on Mon Feb 09 2009 - 07:02:40 MST
This archive was generated by hypermail 2.2.0 : Mon Feb 09 2009 - 12:00:02 MST