Squid does not generate the SSL certificates needed by the sslBump feature itself; it must use an external process to make these calls. This process generates new SSL certificates and works with the on-disk SSL certificate cache. Typically there will be five certificate generator processes spawned from Squid. Communication occurs via TCP sockets bound to the loopback interface. The classes in helper.h are primarily concerned with starting and stopping the helpers. Reading and writing to and from the helpers occurs in the IP cache module, and to and from the dnsservers in the IP and FQDN cache modules.
Command Line Interface
usage: security_file_certgen -hv -s ssl_storage_path -M storage_max_size
    -s ssl_storage_path  Path to specific disk storage of ssl server
    -M storage_max_size  max size of ssl certificates storage.
    -b fs_block_size     File system block size in bytes. Need for processing
                         natural size of certificate on disk. Default value is
Once the helper is running, write requests to it in the following format:
There are two kinds of request now:
    new_certificate 14 host=host.dom
        Create a new private key and self-signed certificate for "host.dom".
    new_certificate xxx host=host.dom
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
        Create a new private key and certificate request for "host.dom".
        Sign the new request with the received certificate and private key.
usage: security_file_certgen -c -s ssl_store_path
    -c                   Init ssl db directories and exit.
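The two request kinds shown above can be told apart and sanity-checked before any key material is handled. The following is an added example, not Squid's own code: it assumes the number after the request code is the byte length of everything after the second space, and MAX_BODY, BadRequest, build_request and parse_request are hypothetical names.

```python
# Added example, not Squid code. Assumed framing: "<code> <body_len> <body>".
MAX_BODY = 64 * 1024  # hypothetical cap on the declared body length
KEY_MARKER = b"-----BEGIN RSA PRIVATE KEY-----"


class BadRequest(ValueError):
    """Raised when a request does not match the assumed framing."""


def build_request(host, pem=b""):
    """Frame a new_certificate request; pem is optional signing material."""
    body = b"host=" + host.encode("ascii")
    if pem:
        body += b"\n" + pem
    return b"new_certificate %d " % len(body) + body


def parse_request(raw):
    """Return (host, mode) for a well-formed request, else raise BadRequest."""
    parts = raw.split(b" ", 2)
    if len(parts) != 3:
        raise BadRequest("expected code, length and body")
    code, length, body = parts
    if code != b"new_certificate":
        raise BadRequest("unknown request code")
    # Bound the digit count first so a huge number is never converted.
    if not length.isdigit() or len(length) > 6 or int(length) > MAX_BODY:
        raise BadRequest("length is not a bounded decimal number")
    if int(length) != len(body):
        raise BadRequest("declared length does not match body size")
    first, _, rest = body.partition(b"\n")
    name = first[len(b"host="):]
    if not first.startswith(b"host=") or not name or not name.isascii():
        raise BadRequest("body must start with host=<ascii name>")
    # A request that carries key material asks the helper to sign with it;
    # one without it asks for a self-signed certificate.
    mode = "sign-with-supplied-key" if KEY_MARKER in rest else "self-signed"
    return name.decode("ascii"), mode


if __name__ == "__main__":
    # Constructed sample input; the PEM body is a placeholder, not a real key.
    pem = KEY_MARKER + b"\n(constructed placeholder)\n-----END RSA PRIVATE KEY-----"
    for req in (build_request("host.dom"), build_request("host.dom", pem)):
        print(parse_request(req))
```

Rejecting a request whose declared length disagrees with the bytes received keeps a truncated or concatenated message from being read as a valid signing request.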