1 .if !'po4a'hide' .TH security_file_certgen 8
4 security_file_certgen \- SSL certificate generator for Squid.
9 .if !'po4a'hide' .B security_file_certgen
10 .if !'po4a'hide' .B [\-dhv]
12 .if !'po4a'hide' .B security_file_certgen
13 .if !'po4a'hide' .B "[\-d] \-s "
15 .if !'po4a'hide' .B "[\-M "
17 .if !'po4a'hide' .B "] [\-b "
21 .if !'po4a'hide' .B security_file_certgen
22 .if !'po4a'hide' .B "[\-d] \-c \-s "
26 .B security_file_certgen
27 is an installed binary.
29 Because the generation and signing of SSL certificates takes time
30 Squid must use external process to handle the work.
32 This process generates new SSL certificates and uses a disk cache of certificates
33 to improve response times on repeated requests.
34 Communication occurs via TCP sockets bound to the loopback interface.
37 .if !'po4a'hide' .TP 12
38 .if !'po4a'hide' .B \-b fs_block_size
39 File system block size in bytes. Needed for processing natural size of certificate on disk.
40 Default value is 2048 bytes. The following suffixes are accepted: B, KB, MB, GB.
41 When no suffix is set, B is assumed.
44 .if !'po4a'hide' .B \-c
45 Initialize the SSL storage database and exit. Requires the
47 option to determine the storage location being created.
50 .if !'po4a'hide' .B \-d
51 Write debug info to stderr.
54 .if !'po4a'hide' .B \-h
55 Display the binary help and command line syntax info using stderr.
58 .if !'po4a'hide' .B \-s directory
59 Directory path of SSL storage database.
62 .if !'po4a'hide' .B \-M size
63 Maximum size of SSL certificate disk storage. Same suffixes supported by the
68 .if !'po4a'hide' .B \-v
69 Display the binary version details using stderr.
73 .B SSL errors after changing the CA
76 Certificates are stored in this database in signed form.
77 After any change to the signing CA in squid.conf be sure to erase and re-initialize the certificate database.
80 .B Certificate chaining
83 The version 1.0 of this helper will not add chained intermediate CA certificates.
84 The client must have a full chain of trust from the root CA all the way
85 down to the end certificate generated by this program.
87 Signing with an intermediate CA needs to install both the
88 root and the intermediate public CA on the clients.
92 Before this helper can be used the storage area for new certificates must be initialized manually.
93 This is done from the command line using the
100 .if !'po4a'hide' .B @DEFAULT_SSL_CRTD@ \-c \-s @DEFAULT_SSL_DB_DIR@
104 Certificates are stored in this database in signed form.
105 After any change to the signing CA in squid.conf be sure to erase and re-initialize the certificate database.
108 For simple configuration the helper defaults can be used.
109 Only HTTP listening port options are required to enable generation and set the signing CA certificate.
112 .if !'po4a'hide' .B http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=@SYSCONFDIR@/ssl_cert/example.com.pem
116 For more customized configuration the helper certificate storage directory location and size can be altered with the
118 configuration directive.
121 .if !'po4a'hide' .B sslcrtd_program @DEFAULT_SSL_CRTD@ \-s @DEFAULT_SSL_DB_DIR@ \-M 4MB
123 .if !'po4a'hide' .B sslcrtd_children 5
127 This program was written by
128 .if !'po4a'hide' .I Christos Tsantilas <christos@chtsanti.net>
130 This manual was written by
131 .if !'po4a'hide' .I Christos Tsantilas <christos@chtsanti.net>
133 .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
137 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
139 * Squid software is distributed under GPLv2+ license and includes
140 * contributions from numerous individuals and organizations.
141 * Please see the COPYING and CONTRIBUTORS files for details.
144 Questions on the usage of this program can be sent to the
145 .I Squid Users mailing list
146 .if !'po4a'hide' <squid-users@lists.squid-cache.org>
149 Bug reports need to be made in English.
150 See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
152 Report bugs or bug fixes using http://bugs.squid-cache.org/
154 Report serious security bugs to
155 .I Squid Bugs <squid-bugs@lists.squid-cache.org>
157 Report ideas for new improvements to the
158 .I Squid Developers mailing list
159 .if !'po4a'hide' <squid-dev@lists.squid-cache.org>
162 .if !'po4a'hide' .BR squid "(8), "
163 .if !'po4a'hide' .BR GPL "(7), "
166 .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
168 The Squid Configuration Manual
169 .if !'po4a'hide' http://www.squid-cache.org/Doc/config/