Re: [squid-users] 3.3.1 ssl-bump-server-first for google domain lockdown

From: Alex Rousskov <>
Date: Mon, 01 Apr 2013 22:20:59 -0600

On 04/01/2013 09:56 PM, Robert Mason wrote:

> while I didn't want to just copy certs from my laptop to the
> firewall, it's an embedded device with a hard drive just for squid so
> it didn't seem to have any certs in /etc/ssl. As soon as I copied my
> certs folder over, magic started to happen.

> If you have any suggestions about how to properly update that certdir
> instead of just copying it over I'd gladly give it a try.

I personally do not, and I suspect the "proper way" to keep root CA
certificates current may depend on the embedded device OS, OpenSSL
version, and other local details. Technically, root CA certificate
management is not Squid's problem -- it is an OpenSSL and/or OS
distribution responsibility.

Glad you solved your immediate problem,

Received on Tue Apr 02 2013 - 04:21:08 MDT

This archive was generated by hypermail 2.2.0 : Tue Apr 02 2013 - 12:00:04 MDT