# uname -npv
# squid --version
Squid Cache: Version 4.9
Service Name: squid
This binary uses OpenSSL 1.1.1d-freebsd 10 Sep 2019. For legal restrictions on distribution see https://www.openssl.org/source/license.html
configure options: '--with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/squid/cache' '--without-gnutls' '--with-included-ltdl' '--enable-auth' '--enable-zph-qos' '--enable-build-info' '--enable-loadable-modules' '--enable-removal-policies=lru heap' '--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-translation' '--disable-arch-native' '--disable-eui' '--disable-cache-digests' '--disable-delay-pools' '--disable-ecap' '--disable-esi' '--disable-follow-x-forwarded-for' '--without-heimdal-krb5' '--without-mit-krb5' '--without-gss' '--disable-htcp' '--disable-icap-client' '--disable-icmp' '--enable-ident-lookups' '--enable-ipv6' '--enable-kqueue' '--without-large-files' '--enable-http-violations' '--without-nettle' '--disable-snmp' '--enable-ssl' '--with-openssl=/usr' '--enable-security-cert-generators=file' 'LIBOPENSSL_CFLAGS=-I/usr/include' 'LIBOPENSSL_LIBS=-lcrypto -lssl' '--enable-ssl-crtd' '--disable-stacktraces' '--disable-ipf-transparent' '--enable-ipfw-transparent' '--disable-pf-transparent' '--without-nat-devpf' '--disable-forw-via-db' '--disable-wccp' '--disable-wccpv2' '--enable-auth-basic=DB SMB_LM NCSA PAM POP3 RADIUS fake getpwnam' '--enable-auth-digest=file' '--enable-external-acl-helpers=file_userip unix_group' '--enable-auth-negotiate=none' '--enable-auth-ntlm=fake SMB_LM' '--enable-storeio=aufs ufs' '--enable-disk-io=DiskThreads AIO Blocking IpcIo Mmapped' '--enable-log-daemon-helpers=file' '--enable-url-rewrite-helpers=fake' '--enable-storeid-rewrite-helpers=file' '--enable-security-cert-validators=fake' '--prefix=/usr/local' '--mandir=/usr/local/man' '--disable-silent-rules' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.1' 
'build_alias=amd64-portbld-freebsd12.1' 'CC=cc' 'CFLAGS=-O2 -pipe -Wno-error=deprecated-declarations -fstack-protector-strong -fno-strict-aliasing ' 'LDFLAGS= -pthread -L/usr/local/lib -lpcreposix -lpcre -fstack-protector-strong ' 'LIBS=' 'CPPFLAGS=-I/usr/local/include' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -Wno-error=deprecated-declarations -fstack-protector-strong -fno-strict-aliasing ' 'CPP=cpp' --enable-ltdl-convenience
Yes I do. Look at the screenshot of the BLog article. You don't use the program ssl_crtd in your config?
Thanks obsigna, now I understand the problem. Yes I do. Look at the screenshot of the BLog article.
PS: Actually, I don't. I forgot the tiny detail that ssl_crtd was renamed to security_file_certgen by the Squid project. So yes, I do configure with ssl_crtd, which, however, installs security_file_certgen, and that is what I actually use.
I followed your guide and got stuck at one point: I wrote a BLog article about setting up a transparent SSL proxy using squid on a FreeBSD gateway - here our home server, but it would work the same for any gateway: https://obsigna.com/articles/1563917142.html
# uname -npv
server.obsigna.com FreeBSD 12.1-RELEASE-p1 GENERIC amd64
# squid --version
Code:Squid Cache: Version 4.9 Service Name: squid This binary uses OpenSSL 1.1.1d-freebsd 10 Sep 2019. For legal restrictions on distribution see https://www.openssl.org/source/license.html configure options: '--with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/squid/cache' '--without-gnutls' '--with-included-ltdl' '--enable-auth' '--enable-zph-qos' '--enable-build-info' '--enable-loadable-modules' '--enable-removal-policies=lru heap' '--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-translation' '--disable-arch-native' '--disable-eui' '--disable-cache-digests' '--disable-delay-pools' '--disable-ecap' '--disable-esi' '--disable-follow-x-forwarded-for' '--without-heimdal-krb5' '--without-mit-krb5' '--without-gss' '--disable-htcp' '--disable-icap-client' '--disable-icmp' '--enable-ident-lookups' '--enable-ipv6' '--enable-kqueue' '--without-large-files' '--enable-http-violations' '--without-nettle' '--disable-snmp' '--enable-ssl' '--with-openssl=/usr' '--enable-security-cert-generators=file' 'LIBOPENSSL_CFLAGS=-I/usr/include' 'LIBOPENSSL_LIBS=-lcrypto -lssl' '--enable-ssl-crtd' '--disable-stacktraces' '--disable-ipf-transparent' '--enable-ipfw-transparent' '--disable-pf-transparent' '--without-nat-devpf' '--disable-forw-via-db' '--disable-wccp' '--disable-wccpv2' '--enable-auth-basic=DB SMB_LM NCSA PAM POP3 RADIUS fake getpwnam' '--enable-auth-digest=file' '--enable-external-acl-helpers=file_userip unix_group' '--enable-auth-negotiate=none' '--enable-auth-ntlm=fake SMB_LM' '--enable-storeio=aufs ufs' '--enable-disk-io=DiskThreads AIO Blocking IpcIo Mmapped' '--enable-log-daemon-helpers=file' '--enable-url-rewrite-helpers=fake' '--enable-storeid-rewrite-helpers=file' 
'--enable-security-cert-validators=fake' '--prefix=/usr/local' '--mandir=/usr/local/man' '--disable-silent-rules' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.1' 'build_alias=amd64-portbld-freebsd12.1' 'CC=cc' 'CFLAGS=-O2 -pipe -Wno-error=deprecated-declarations -fstack-protector-strong -fno-strict-aliasing ' 'LDFLAGS= -pthread -L/usr/local/lib -lpcreposix -lpcre -fstack-protector-strong ' 'LIBS=' 'CPPFLAGS=-I/usr/local/include' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -Wno-error=deprecated-declarations -fstack-protector-strong -fno-strict-aliasing ' 'CPP=cpp' --enable-ltdl-convenience
/usr/local/libexec/squid/security_file_certgen -c -s /usr/local/etc/squid/dyn-certs -M 4MB
Initialization SSL db...
/usr/local/libexec/squid/security_file_certgen: Cannot create /usr/local/etc/squid/dyn-certs
mkdir -p /usr/local/etc/squid/dyn-certs