RE: [squid-users] SSL Bump Root Certificate Expiration

From: Woon Khai Swen <woonks_at_ioigroup.com>
Date: Fri, 4 Jan 2013 17:10:40 +0800

Found out the problem....

# openssl req -new -newkey rsa:1024 -days 36500 -nodes -x509 -keyout myCA.pem -out myCA.pem

# openssl x509 -in myCA.pem -outform DER -out myCA.der

Installing myCA.der as root cert shows the validity date from ýFriday, ý4 ýJanuary, ý2013 4:58:39 PM to ýThursday, ý4 ýNovember, ý1976 10:30:23 AM (1976, not 2113. it can auto back date???? :O )

Still figuring out why this happened, thou. Must be an openssl issue. The commands are copied directly from squid dynamic cert generation wiki.

Thanks for the pointer.

-----Original Message-----
From: Will Roberts [mailto:ironwill42_at_gmail.com]
Sent: Friday, 4 January, 2013 12:20 PM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] SSL Bump Root Certificate Expiration

On 01/03/2013 11:16 PM, Woon Khai Swen wrote:
> Dear all,
>
> I found out the self signed ssl root cert for transparent SSL interception (SSL Bump + origin cert mimicking + dynamic cert generation) is valid only for 365 days max, no matter how many additional days specified in openssl cert generation command line.

Mine's good for 100 years. I'd check your command line arguments.

--Will
Received on Fri Jan 04 2013 - 09:10:52 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 04 2013 - 12:00:03 MST