> From: owner-openssl-users On Behalf Of Walter H. > Sent: Thursday, December 05, 2013 23:42
> can someone give me an example of the certificate, that is used here: > > http_port 3128 ssl-bump cert=/etc/squid/cert/cert.pem > > I'm using the latest CentOS release (6.5) with squid 3.1.10 > > I generated one with this: > > openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj > "/CN=dnsname/C=--/O=my Org/OU=my Squid server" -keyout cert.pem -out > cert.pem > That generates a self-signed cert (and matching key) for your server. > in case I generate a CA cert and this one and install the CA cert in my > browser (FF); > does this help to remove the "The Connection is untrusted" messages of > my browser (FF)? > Those are different cases. If you import to Firefox the self-signed server cert created above then it will trust a server using that cert. If you generate a self-signed (root) CA cert & key, and use those to sign (issue) another cert or certs such as one for your server, and import the CA cert to Firefox, then a server using any cert under that CA is trusted. Pick one. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
