Re: [squid-users] squid ssl certificate db for ssl_bump

From: Christos Tsantilas <christos_at_chtsanti.net>
Date: Thu, 12 May 2011 11:09:18 +0300

On 05/11/2011 07:58 PM, Ming Fu wrote:
> Hi,
>
> A few questions about sslbump:
>
> 1. Can ssl_crtd from different squids on the same hardware shared the same ssl_crtd certificate cache directory?
Yes

> 2. If the certificate used to sign the dynamic cert is altered, should the ssl_db be recreated (old cached cert removed)?

If the certificate used to sign the dynamic certs did not expired, yes
you should recreate the ssl_db.

> 3. With the -c option on the ssl_crtd, it seems to insist on recreating the directory for ssl_db. Would it possible to just clean the content in that directory without removing the directory itself?

I think no....

Regards,
    Christos
>
> Regards,
> Ming
Received on Thu May 12 2011 - 08:09:19 MDT

This archive was generated by hypermail 2.2.0 : Thu May 12 2011 - 12:00:02 MDT