Found out the problem.... # openssl req -new -newkey rsa:1024 -days 36500 -nodes -x509 -keyout myCA.pem -out myCA.pem # openssl x509 -in myCA.pem -outform DER -out myCA.der Installing myCA.der as root cert shows the validity date from Friday, 4 January, 2013 4:58:39 PM to Thursday, 4 November, 1976 10:30:23 AM (1976, not 2113. it can auto back date???? :O ) Still figuring out why this happened, thou. Must be an openssl issue. The commands are copied directly from squid dynamic cert generation wiki. Thanks for the pointer. -----Original Message----- From: Will Roberts [mailto:ironwill42@xxxxxxxxx] Sent: Friday, 4 January, 2013 12:20 PM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: SSL Bump Root Certificate Expiration On 01/03/2013 11:16 PM, Woon Khai Swen wrote: > Dear all, > > I found out the self signed ssl root cert for transparent SSL interception (SSL Bump + origin cert mimicking + dynamic cert generation) is valid only for 365 days max, no matter how many additional days specified in openssl cert generation command line. Mine's good for 100 years. I'd check your command line arguments. --Will
