Manual Reference Pages  -  SSL_CRTD (8)

NAME

ssl_crtd - SSL certificate generator for Squid.

Version 1.0

CONTENTS

Synopsis
Description
Options
Known Issues
Configuration
Author
Copyright
Questions
Reporting Bugs
See Also

SYNOPSIS

directory size directory serial number directory

DESCRIPTION

ssl_crtd is an installed binary.

Because generating and signing SSL certificates takes time, Squid must use an external process to handle the work. This process generates new SSL certificates and uses a disk cache of certificates to improve response times on repeated requests. Communication occurs via TCP sockets bound to the loopback interface.

OPTIONS

File system block size in bytes. Needed for processing natural size of certificate on disk. Default value is 2048 bytes.

Initialize the SSL storage database and exit. Requires the -s option to determine the storage location being created.

Write debug info to stderr.

Display the current serial number using stderr and exit. Requires -s option to determine which storage directory the serial is located in.

Display the binary help and command line syntax info using stderr.

Directory path of disk storage for new SSL certificates.

Maximum size of SSL certificate disk storage.

HEX serial number to use when initializing an SSL storage database. The default value of serial number is the number of seconds since Epoch minus 1200000000.

Display the binary version details using stderr.

KNOWN ISSUES

SSL errors after changing the CA

Certificates are stored in this database in signed form. After any change to the signing CA in squid.conf be sure to erase and re-initialize the certificate database.

Certificate chaining

Version 1.0 of this helper will not add chained intermediate CA certificates. The client must have a full chain of trust from the root CA all the way down to the end certificate generated by this program. Signing with an intermediate CA requires installing both the root and the intermediate public CA on the clients.

CONFIGURATION

Before this helper can be used the storage area for new certificates must be initialized manually. This is done from the command line using the -c parameters.

For example:

Certificates are stored in this database in signed form. After any change to the signing CA in squid.conf be sure to erase and re-initialize the certificate database.
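
One way to automate the erase and re-initialize step after a signing CA change, as an added example that is not part of the original manual page or of Squid itself. The function names, the SSL_CRTD variable, the stamp file kept beside the database directory, and the use of sha256sum are assumptions of this example; only the -c and -s options come from this page.

```shell
#!/bin/sh
# Added example: re-create the ssl_crtd certificate database whenever the
# signing CA file changes. Paths and the stamp-file scheme are assumptions.
SSL_CRTD="${SSL_CRTD:-ssl_crtd}"   # helper binary; install path varies

# ca_digest FILE -> SHA-256 hex digest of the CA certificate file
ca_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# sync_ssl_db CA_FILE DB_DIR
# Prints "unchanged" or "reinitialized"; returns non-zero on error.
sync_ssl_db() {
    ca_file=$1 db_dir=$2 stamp="$2.ca-sha256"
    # Refuse paths that would make the rm -rf below dangerous.
    case "$db_dir" in
        ""|/|.|..) echo "refusing db dir '$db_dir'" >&2; return 2 ;;
    esac
    [ -r "$ca_file" ] || { echo "cannot read $ca_file" >&2; return 2; }
    new=$(ca_digest "$ca_file")
    [ -n "$new" ] || return 2
    old=$(cat "$stamp" 2>/dev/null || true)
    if [ -d "$db_dir" ] && [ "$new" = "$old" ]; then
        echo unchanged
        return 0
    fi
    # Cached certificates were signed by the previous CA: erase them all,
    # then create a fresh database with the -c and -s options.
    rm -rf -- "$db_dir"
    "$SSL_CRTD" -c -s "$db_dir" >&2 || return 1
    printf '%s\n' "$new" > "$stamp"
    echo reinitialized
}

# Usage: script CA_FILE DB_DIR
if [ "$#" -eq 2 ]; then
    sync_ssl_db "$1" "$2"
fi
```

The stamp file lives outside the database directory so that erasing the database never leaves a stale digest inside it.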

For simple configuration the helper defaults can be used. Only HTTP listening port options are required to enable generation and set the signing CA certificate. For example:

For more customized configuration the helper certificate storage directory location and size can be altered with the sslcrtd_program configuration directive. For example:

AUTHOR

This program was written by

This manual was written by

COPYRIGHT

* Copyright (C) 1996-2016 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
* Please see the COPYING and CONTRIBUTORS files for details.

QUESTIONS

Questions on the usage of this program can be sent to the Squid Users mailing list

REPORTING BUGS

Bug reports need to be made in English. See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.

Report bugs or bug fixes using http://bugs.squid-cache.org/

Report serious security bugs to Squid Bugs <squid-bugs@squid-cache.org>

Report ideas for new improvements to the Squid Developers mailing list

SEE ALSO

The Squid FAQ wiki
The Squid Configuration Manual