Re: [squid-users] wild card ssl certificate

Hi Amos,

Tired with the changed worked very well no issues

One small change in the wiki

in openssl.cnf
it is mentioned as

dir = /usr/newrprgate/CertAuth

but

mkdir newprpgate; cd newrprgate

should be mkdir newrprgate

if possible please correct in the wiki

//Remy

On Mon, 2009-07-06 at 10:45 +1200, Amos Jeffries wrote:
> Mario Remy Almeida wrote:
> > Hi All
> >
> > I followed the steps mentioned in the below url
> > http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
> >
> > when below cmd executed
> >
> > openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 1000
> >
> > I get below message which means some options missing.
> >
> > can someone tell me what am i missing?
> >
> > is it rsa:1024 instead rsa?
>
> Yes it needs the bit-length. Though for the CA cert its advised to use
> stronger/longer bit length than normal. 2048 bits is mentioned in the
> wiki for now.
>
> Thanks for reporting that. Wiki updated.
>
> Amos
>
> >
> >
> > req [options] <infile >outfile
> > where options are
> > -inform arg input format - DER or PEM
> > -outform arg output format - DER or PEM
> > -in arg input file
> > -out arg output file
> > -text text form of request
> > -pubkey output public key
> > -noout do not output REQ
> > -verify verify signature on REQ
> > -modulus RSA modulus
> > -nodes don't encrypt the output key
> > -engine e use engine e, possibly a hardware device
> > -subject output the request's subject
> > -passin private key password source
> > -key file use the private key contained in file
> > -keyform arg key file format
> > -keyout arg file to send the key to
> > -rand file:file:...
> > load the file (or the files in the directory) into
> > the random number generator
> > -newkey rsa:bits generate a new RSA key of 'bits' in size
> > -newkey dsa:file generate a new DSA key, parameters taken from CA in
> > 'file'
> > -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)
> > -config file request template file.
> > -subj arg set or modify request subject
> > -multivalue-rdn enable support for multivalued RDNs
> > -new new request.
> > -batch do not ask anything during request generation
> > -x509 output a x509 structure instead of a cert. req.
> > -days number of days a certificate generated by -x509 is valid
> > for.
> > -set_serial serial number to use for a certificate generated by
> > -x509.
> > -newhdr output "NEW" in the header lines
> > -asn1-kludge Output the 'request' in a format that is wrong but some
> > CA's
> > have been reported as requiring
> > -extensions .. specify certificate extension section (override value in
> > config file)
> > -reqexts .. specify request extension section (override value in
> > config file)
> > -utf8 input characters are UTF8 (default ASCII)
> > -nameopt arg - various certificate name options
> > -reqopt arg - various request text options
> >
> >
> > //Remy
> >
> >
> > ------------------------------------------------------------------------------
> > Disclaimer and Confidentiality
> >
> >
> > This material has been checked for computer viruses and although none has
> > been found, we cannot guarantee that it is completely free from such problems
> > and do not accept any liability for loss or damage which may be caused.
> > Please therefore check any attachments for viruses before using them on your
> > own equipment. If you do find a computer virus please inform us immediately
> > so that we may take appropriate action. This communication is intended solely
> > for the addressee and is confidential. If you are not the intended recipient,
> > any disclosure, copying, distribution or any action taken or omitted to be
> > taken in reliance on it, is prohibited and may be unlawful. The views
> > expressed in this message are those of the individual sender, and may not
> > necessarily be that of ISA.
>
>

-- 
------------------------------------------------------------------------------
Disclaimer and Confidentiality
This material has been checked for  computer viruses and although none has
been found, we cannot guarantee  that it is completely free from such problems
and do not accept any  liability for loss or damage which may be caused.
Please therefore  check any attachments for viruses before using them on your
own  equipment. If you do find a computer virus please inform us immediately
so that we may take appropriate action. This communication is intended  solely
for the addressee and is confidential. If you are not the intended recipient,
any disclosure, copying, distribution or any action  taken or omitted to be
taken in reliance on it, is prohibited and may be  unlawful. The views
expressed in this message are those of the  individual sender, and may not
necessarily be that of ISA.