[squid-users] Squid 4.11 Howto create SSL Bump certificates with only 3-12 months date of expiry
info at schroeffu.ch
info at schroeffu.ch
Mon Jun 29 15:13:24 UTC 2020
Hi Squid Community,
how can I configure Squid to create SSL Bump Certifications with only 3-12 months date of expiry?
Currently, Squid SSL bumped Certifications are valid 20 years in my case, way too long, as Apple & Google & Mozilla will trust only <1 Year SSL certifications in the future.
Thanks for any help!
Schroeffu
my conf:
http_port {{ inventory_hostname }}:{{ squid_port }} ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/certs/(***).pem key=/etc/squid/certs/(***).pem
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
always_direct allow all
ssl_bump bump !domains_dont_sslbump
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200629/d71526b9/attachment.html>
More information about the squid-users
mailing list