[prev in list] [next in list] [prev in thread] [next in thread]
List: squid-users
Subject: [squid-users] Squid 4.11 Howto create SSL Bump certificates with only 3-12 months date of expiry
From: info () schroeffu ! ch
Date: 2020-06-29 15:13:24
Message-ID: 3375f400073c90c55debdd21ab57da60 () schroeffu ! ch
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi Squid Community,
how can I configure Squid to create SSL Bump Certifications with only 3-12 months \
date of expiry?
Currently, Squid SSL bumped Certifications are valid 20 years in my case, way too \
long, as Apple & Google & Mozilla will trust only <1 Year SSL certifications in the \
future.
Thanks for any help!
Schroeffu
my conf:
http_port {{ inventory_hostname }}:{{ squid_port }} ssl-bump \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
cert=/etc/squid/certs/(***).pem key=/etc/squid/certs/(***).pem sslcrtd_program \
/usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB always_direct allow \
all ssl_bump bump !domains_dont_sslbump
[Attachment #5 (text/html)]
<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; \
charset=utf-8" /></head><body><div data-html-editor-font-wrapper="true" \
style="font-family: arial, sans-serif; font-size: 13px;"><br>Hi Squid \
Community,<br><br>how can I configure Squid to create SSL Bump Certifications with \
only 3-12 months date of expiry?<br><br>Currently, Squid SSL bumped Certifications \
are valid 20 years in my case, way too long, as Apple & Google & Mozilla will \
trust only <1 Year SSL certifications in the future.<br><br>Thanks for any \
help!<br>Schroeffu<br><br>my conf:<br><br>http_port {{ inventory_hostname }}:{{ \
squid_port }} ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
cert=/etc/squid/certs/(***).pem key=/etc/squid/certs/(***).pem<br>sslcrtd_program \
/usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB<br>always_direct allow \
all<br>ssl_bump bump !domains_dont_sslbump<signature></signature></div></body></html>
[Attachment #6 (text/plain)]
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic