
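Problems encountered configuring HTTPS with squid

Date: 2011-07-07

Source: Internet

About HTTPS communication: there is a problem during verification.
First, the architecture: client-----------------squid proxy-----------------webserver
I need HTTPS to be used along the whole path. I have deployed server certificates on both squid and the webserver, and I have also deployed the CA certificate on my squid. The verification process is: the client sends a request to my squid and verifies whether the certificate deployed on my squid is trusted, and then my squid goes to the webserver and verifies whether my webserver's certificate is trusted. Right now the client can verify that the server certificate on my squid is trusted, but there is a problem when my squid goes to the webserver to verify. The following error messages appear in my squid's cache.log: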
Jul  7 14:43:49 x.x.x.x squid[785]: Using private key in /usr/local/squid/cap/success.352.cn.key
Jul  7 14:43:49 x.x.x.x squid[785]: Error error setting CA certificate locations: error:02001002:system library:fopen:No such file or directory
Jul  7 14:43:50 x.x.x.x squid[785]: continuing anyway...
Jul  7 14:43:50 x.x.x.x squid[785]: Initialising SSL.
Jul  7 14:43:50 x.x.x.x squid[785]: NOTICE: Peer certificates are not verified for validity!
Jul  7 14:43:50 x.x.x.x squid[785]: Initialising SSL.
Jul  7 14:43:50 x.x.x.x squid[785]: Error error setting CA certificate locations: error:02001002:system library:fopen:No such file or directory
Jul  7 14:43:50 x.x.x.x squid[785]: continuing anyway...
Jul  7 14:43:50 x.x.x.x squid[785]: Cache dir '/cache1' size remains unchanged at 102400000 KB
Jul  7 14:43:50 x.x.x.x squid[785]: Cache dir '/cache2' size remains unchanged at 102400000 KB
Jul  7 14:43:50 x.x.x.x squid[785]: Logformat for 'combined' is '%>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh'
Jul  7 14:43:50 x.x.x.x squid[785]: accessLogParseLogFormat: got definition '%>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh'
Jul  7 14:43:50 x.x.x.x squid[785]: WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP
Jul  7 14:43:50 x.x.x.x squid[785]: Initialising SSL.
Jul  7 14:43:50 x.x.x.x squid[785]: Error error setting CA certificate locations: error:02001002:system library:fopen:No such file or directory

And when accessing the HTTPS domain https://www.exzanpm.com/, the following errors are reported:
Jul  7 15:02:23 x.x.x.x  squid[785]: SSL unknown certificate error 20 in /CN=www.exzanpm.com
Jul  7 15:02:23 x.x.x.x  squid[785]: fwdNegotiateSSL: Error negotiating SSL connection on FD 35: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
Jul  7 15:02:23 x.x.x.x  squid[785]: TCP connection to webserverhost (webserverhost:443) failed

Where exactly is the problem?? Does anyone have any suggestions?

Author: THXYH   Posted: 2011-07-07

Jul  7 14:43:49 x.x.x.x squid[785]: Error error setting CA certificate locations: error:02001002:system library:fopen:No such file or directory
Either the path is wrong, or the permissions are wrong.

Author: dn833   Posted: 2011-07-07

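I checked the CA certificate path and it is not wrong. As for permissions, I have already set them to 744, and it still reports the same error!!

Author: THXYH   Posted: 2011-07-07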
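
An added example, not part of the original thread: a small Python triage helper that decodes the OpenSSL error codes in the log lines quoted above and finds the first component of a path that cannot be found. It assumes the pre-3.0 OpenSSL error packing (8-bit library, 12-bit function, 12-bit reason); `decode` and `first_missing` are hypothetical helper names.

```python
import errno
import os
import re

# Packed OpenSSL (pre-3.0) error code as printed in the log: 8-bit library,
# 12-bit function, 12-bit reason. For the "system library" (lib 2) the
# reason field is the C errno of the failed call.
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")
ERR_LIB_SYS = 2
# Squid prints the X509 verify result as "certificate error N"; 20 is
# X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY.
VERIFY_RE = re.compile(r"certificate error (\d+) in (\S+)")
VERIFY_TEXT = {20: "unable to get local issuer certificate"}


def decode(line):
    """Describe the OpenSSL error found in one log line, or return None."""
    m = ERR_RE.search(line)
    if m:
        code = int(m.group(1), 16)
        out = {"lib": code >> 24, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF}
        if out["lib"] == ERR_LIB_SYS:
            # ENOENT (2) means a path was not found; EACCES (13) would mean permissions.
            out["errno"] = errno.errorcode.get(out["reason"], str(out["reason"]))
        return out
    m = VERIFY_RE.search(line)
    if m:
        n = int(m.group(1))
        return {"verify": n, "text": VERIFY_TEXT.get(n, "unknown"), "subject": m.group(2)}
    return None


def first_missing(path):
    """Return the first prefix of path that does not exist or cannot be
    stat'ed by the current user, or None when the whole path resolves."""
    current = os.sep
    for part in os.path.abspath(path).strip(os.sep).split(os.sep):
        current = os.path.join(current, part)
        if not os.path.exists(current):
            return current
    return None


# Log lines copied from the first post (timestamp and host prefix dropped).
SAMPLE = [
    "squid[785]: Error error setting CA certificate locations: error:02001002:system library:fopen:No such file or directory",
    "squid[785]: SSL unknown certificate error 20 in /CN=www.exzanpm.com",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(decode(line))
```

Run `first_missing` as the account Squid runs under, on the exact CA path string from squid.conf, so that a typo, a relative path or a chroot difference shows up as the component that fails.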