API tools faq
paste
Advertisement
anonymouse_unix

create certificate

anonymouse_unix
May 26th, 2015
268
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 1.01 KB | None | 0 0
raw download clone embed print report
  1. SQUIDCONF=/etc/squid3/squid.conf
  2. SSLCRTD=/usr/lib/squid3/ssl_crtd
  3.  
  4. echo "creating directories"
  5. mkdir -p /etc/squid3/ssl_cert /etc/squid3/ssl_cert/ssl_db
  6.  
  7. echo "about to create certificate..."
  8. cd /etc/squid3/ssl_cert
  9. openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem  -out myCA.pem
  10. echo "creating der x509 certificate format"
  11. openssl x509 -in myCA.pem -outform DER -out myCA.der
  12. echo "the next is the certificate for client in x509 format:"
  13. cat myCA.der
  14.  
  15. echo "initializing ssl_crtd_db"
  16. $SSLCRTD -c -s /etc/squid3/ssl_cert/ssl_db
  17.  
  18. echo "changing ownership for ssl_db"
  19. chown -R nobody /etc/squid3/ssl_cert/ssl_db
  20.  
  21. echo "adding settings into squid.conf"
  22.  
  23. echo "https_port 13128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB  cert=/etc/squid3/ssl_cert/myCA.pem
  24. sslcrtd_program $SSLCRTD -s /etc/squid3/ssl_cert/ssl_db -M 16MB
  25. sslcrtd_children 10
  26. ssl_bump server-first all
  27. #sslproxy_cert_error allow all
  28. #sslproxy_flags DONT_VERIFY_PEER" >> $SQUIDCONF
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!