'[squid-users] Squid 4.11 Howto create SSL Bump certificates with only 3-12 months date of expiry'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-users
Subject:    [squid-users] Squid 4.11 Howto create SSL Bump certificates with only 3-12 months date of expiry
From:       info () schroeffu ! ch
Date:       2020-06-29 15:13:24
Message-ID: 3375f400073c90c55debdd21ab57da60 () schroeffu ! ch
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi Squid Community,

how can I configure Squid to create SSL Bump Certifications with only 3-12 months \
date of expiry?

Currently, Squid SSL bumped Certifications are valid 20 years in my case, way too \
long, as Apple & Google & Mozilla will trust only <1 Year SSL certifications in the \
future.

Thanks for any help!
Schroeffu

my conf:

http_port {{ inventory_hostname }}:{{ squid_port }} ssl-bump \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
cert=/etc/squid/certs/(***).pem key=/etc/squid/certs/(***).pem sslcrtd_program \
/usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB always_direct allow \
all ssl_bump bump !domains_dont_sslbump


[Attachment #5 (text/html)]

<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; \
charset=utf-8" /></head><body><div data-html-editor-font-wrapper="true" \
style="font-family: arial, sans-serif; font-size: 13px;"><br>Hi Squid \
Community,<br><br>how can I configure Squid to create SSL Bump Certifications with \
only 3-12 months date of expiry?<br><br>Currently, Squid SSL bumped Certifications \
are valid 20 years in my case, way too long, as Apple &amp; Google &amp; Mozilla will \
trust only &lt;1 Year SSL certifications in the future.<br><br>Thanks for any \
help!<br>Schroeffu<br><br>my conf:<br><br>http_port {{ inventory_hostname }}:{{ \
squid_port }} ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
cert=/etc/squid/certs/(***).pem key=/etc/squid/certs/(***).pem<br>sslcrtd_program \
/usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB<br>always_direct allow \
all<br>ssl_bump bump !domains_dont_sslbump<signature></signature></div></body></html>


[Attachment #6 (text/plain)]

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic