Squid 4.11 Howto create SSL Bump certificates with only 3-12 months date of expiry

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Squid 4.11 Howto create SSL Bump certificates with only 3-12 months date of expiry

Schroeffu

Hi Squid Community,

how can I configure Squid to create SSL Bump Certifications with only 3-12 months date of expiry?

Currently, Squid SSL bumped Certifications are valid 20 years in my case, way too long, as Apple & Google & Mozilla will trust only <1 Year SSL certifications in the future.

Thanks for any help!
Schroeffu

my conf:

http_port {{ inventory_hostname }}:{{ squid_port }} ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/certs/(***).pem key=/etc/squid/certs/(***).pem
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
always_direct allow all
ssl_bump bump !domains_dont_sslbump

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users