March 07, 2017
 

 

[mysqld]
ssl-ca=/etc/mysql-ssl/ca-cert.pem
ssl-cert=/etc/mysql-ssl/server-cert.pem
ssl-key=/etc/mysql-ssl/server-key.pem
ssl-cipher=AES128+EECDH:AES128+EDH
# replication:
# on the master: the replication account may only connect over SSL
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'%' REQUIRE SSL;
# on the slave: switch the replication connection to SSL
STOP SLAVE;
CHANGE MASTER TO MASTER_SSL=1,
MASTER_SSL_CA='/etc/mysql-ssl/ca-cert.pem',
MASTER_SSL_CERT='/etc/mysql-ssl/client-cert.pem',
MASTER_SSL_KEY='/etc/mysql-ssl/client-key.pem';
SHOW SLAVE STATUS\G
START SLAVE;
SHOW SLAVE STATUS\G

References:
(1) cipherlist

September 06, 2013
 

Error logged in messages when starting squid 3.3.8 built from source

[root@localhost etc]# ../sbin/squid
 Enter PEM pass phrase:
 [root@localhost etc]#
[root@localhost ~]# less /var/log/messages
 Sep  6 10:09:13 localhost (squid-1): No valid signing SSL certificate configured for https_port [::]:443

Version of the squid package installed with YUM

[root@localhost ~]# rpm -q squid
 squid-3.1.10-18.el6_4.i686
 [root@localhost ~]#

Startup errors from squid when using the same configuration file

[root@localhost ~]# less /var/log/squid/cache.log
 2013/09/06 10:41:40| Ignoring https_port [::]:443 due to SSL initialization failure.
[root@localhost ~]# less /var/log/messages
 Sep  5 13:35:55 localhost (squid): Cannot open HTTP Port
[root@localhost ~]# less /var/log/squid/cache.log
 2013/09/05 13:36:51| Failed to acquire SSL private key '/usr/local/squid/server.key': error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt

Remove the passphrase protection from server.key

[root@localhost ~]# openssl rsa -in server.key -out nserver.key
 Enter pass phrase for server.key:
 writing RSA key
 [root@localhost ~]#

Modify the squid.conf configuration file

https_port 443 accel cert=/usr/local/squid/server.pem key=/usr/local/squid/server.key defaultsite=hk.linuxcache.com vhost
 cache_peer 175.10.20.30 parent 80 0 no-query originserver name=my443
 acl hk_ssl dstdomain hk.linuxcache.com
 cache_peer_access my443 allow hk_ssl
 http_access allow hk_ssl
 http_access deny all
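
A pre-flight check for the failure shown above, as an added example that is not part of the original post. It reads the key= path from each https_port line, classifies the key as encrypted or plain from its PEM headers, and checks that the passphrase-free key is accessible only to its owner. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the key= files named on squid.conf
# https_port lines. All function names here are hypothetical.

# Print the key= path from every https_port line of the given squid.conf.
https_port_keys() {
    awk '$1 == "https_port" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^key=/) print substr($i, 5)
    }' "$1"
}

# Classify a PEM private key from its armor headers (no passphrase needed):
#   encrypted - PKCS#8 "ENCRYPTED PRIVATE KEY" or legacy "Proc-Type: 4,ENCRYPTED"
#   plain     - an unencrypted private key block
#   unknown   - no private key block found (missing file, certificate only, ...)
key_state() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1" 2>/dev/null; then
        echo encrypted
    elif grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo plain
    else
        echo unknown
    fi
}

# Succeed only if group and other have no permission bits on the file.
key_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Check every key squid would load; return non-zero if any is not a plain
# PEM key or is accessible beyond its owner.
check_squid_keys() {
    rc=0
    for key in $(https_port_keys "$1"); do
        state=$(key_state "$key")
        [ "$state" = plain ] || { echo "FAIL $key: key is $state, expected plain"; rc=1; }
        key_is_private "$key" || { echo "FAIL $key: accessible beyond owner (chmod 600)"; rc=1; }
    done
    return $rc
}
```

Source the file and run check_squid_keys with the path to squid.conf before starting squid; no output and exit status 0 mean every referenced key is unencrypted and owner-only.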

Start squid and verify that it is listening on ports 80 and 443

[root@localhost ~]# /usr/local/squid/sbin/squid
 [root@localhost ~]# netstat -ant
 Active Internet connections (servers and established)
 Proto Recv-Q Send-Q Local Address               Foreign Address             State
 tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
 tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
 tcp        0      0 0.0.0.0:53852               0.0.0.0:*                   LISTEN
 tcp        0     52 192.168.111.134:22          192.168.111.1:55917         ESTABLISHED
 tcp        0      0 :::111                      :::*                        LISTEN
 tcp        0      0 :::80                       :::*                        LISTEN
 tcp        0      0 :::22                       :::*                        LISTEN
 tcp        0      0 :::443                      :::*                        LISTEN
 tcp        0      0 :::32863                    :::*                        LISTEN
 [root@localhost ~]#