Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SSL Certificate Deamon Children

    Cache/Proxy
    1
    1
    1.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BismarckB
      Bismarck
      last edited by

      SSL Certificate Deamon Children needs a little tweaking, like:

      Default Value: sslcrtd_children 32 startup=5 idle=1

      or it always will just spawn 5 children, no matter what you put in there, because of the missing arguments startup and idle.

      Source: http://www.squid-cache.org/Doc/config/sslcrtd_children/

      Q&D Patch:

      --- /usr/local/pkg/squid.inc	2017-08-17 17:54:28.000000000 +0200
+++ /usr/local/pkg/squid.inc.patch	2017-08-17 17:56:21.000000000 +0200
@@ -1168,7 +1168,7 @@
 				$sslcrtd_children = ($settings['sslcrtd_children'] ? $settings['sslcrtd_children'] : 5);
 				$ssl_interception .= "ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=" . ($sslcrtd_children*2) . "MB cert={$crt_pk} capath={$crt_capath} cipher={$sslproxy_cipher} {$sslproxy_dhparams} options={$sslproxy_options}\n";
 				$interception_checks = "sslcrtd_program " . SQUID_LOCALBASE . "/libexec/squid/ssl_crtd -s " . SQUID_SSL_DB . " -M 4MB -b 2048\n";
-				$interception_checks .= "sslcrtd_children {$sslcrtd_children}";
+				$interception_checks .= "sslcrtd_children {$sslcrtd_children} startup=10 idle=1\n";
 				$interception_checks .= "sslproxy_capath {$crt_capath}\n";
 				$interception_checks .= "sslproxy_options {$sslproxy_options}\n";
 				$interception_checks .= "sslproxy_cipher {$sslproxy_cipher}\n";

      :)

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.