security_file_certgen

Because the standard generation of SSL certificates for sslBump feature, Squid must use external process to actually make these calls. This process generate new ssl certificates and worked with ssl certificates disk cache. Typically there will be five certificate generator processes spawned from Squid. Communication occurs via TCP sockets bound to the loopback interface. The class in helper.h are primally concerned with starting and stopping the helpers. Reading and writing to and from the helpers occurs in the IP and the dnsservers occurs in the IP and FQDN cache modules.

Command Line Interface

usage: security_file_certgen -hv -s directory -M size -b fs_block_size
    -h                   Help
    -v                   Version
    -s directory         Directory path of SSL storage database.
    -M size              Maximum size of SSL certificate disk storage.
    -b fs_block_size     File system block size in bytes. Need for processing
                         natural size of certificate on disk. Default value is
                         2048 bytes.

    After running write requests in the next format:
    <request code><whitespace><body_len><whitespace><body>
    There are two kind of request now:
    new_certificate 14 host=host.dom
        Create new private key and selfsigned certificate for "host.dom".

    new_certificate xxx host=host.dom
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    -----BEGIN RSA PRIVATE KEY-----
    ...
    -----END RSA PRIVATE KEY-----
        Create new private key and certificate request for "host.dom".
        Sign new request by received certificate and private key.

usage: security_file_certgen -c -s ssl_store_path\n
    -c                   Init ssl db directories and exit.