[squid-users] ssl bump, CA certificate renewal, how to?
Dmitry Melekhov
dm at belkam.com
Tue Jan 15 05:01:41 UTC 2019
Hello!
According to
https://wiki.squid-cache.org/Features/DynamicSslCert
the recommended way to create a certificate is:
openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -extensions v3_ca -keyout myCA.pem -out myCA.pem
We can create a certificate for a longer time.
But sooner or later we'll have to renew it.
In this case, once we replace the certificate, it should be immediately replaced on users' computers,
which is not an easy task; I am not sure it can be achieved in our environment.
We had the same issue with openvpn; fortunately it can check certificates from several CAs placed in the same file,
so we had old and new certificates for some time.
I don't know whether it is possible to do something similar with squid and dynamic certificate generation;
I know it does not work now.
Could you share your experience? How do you replace certificates?
Thank you!