--- /dev/null
+.if !'po4a'hide' .TH ssl_crtd 8
+.
+.SH NAME
+.if !'po4a'hide' .B ssl_crtd
+.if !'po4a'hide' \-
+SSL certificate generator.
+.PP
+Version 1.0
+.
+.SH SYNOPSIS
+.if !'po4a'hide' .B ssl_crtd
+.if !'po4a'hide' .B [\-dhv]
+.
+.if !'po4a'hide' .B ssl_crtd
+.if !'po4a'hide' .B "[\-d] -s "
+directory
+.if !'po4a'hide' .B [\-M
+size
+.if !'po4a'hide' .B ]
+.
+.if !'po4a'hide' .B ssl_crtd
+.if !'po4a'hide' .B "[\-d] \-c \-s "
+directory
+.if !'po4a'hide' .B [\-n]
+serial number
+.
+.if !'po4a'hide' .B ssl_crtd
+.if !'po4a'hide' .B "[\-d] \-g \-s "
+directory
+.
+.SH DESCRIPTION
+.B ssl_crtd
+is an installed binary.
+.PP
+Because the generation and signing of SSL certificates takes time
+Squid must use external process to handle the work.
+.
+This process generates new SSL certificates and uses a disk cache of certificatess
+to improve response times on repeated requests.
+Communication occurs via TCP sockets bound to the loopback interface.
+.
+.SH OPTIONS
+.if !'po4a'hide' .TP 12
+.if !'po4a'hide' .B \-b fs_block_size
+File system block size in bytes. Needed for processing natural size of certificate on disk.
+Default value is 2048 bytes.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-c
+Initialize the SSL storage database and exit.
+Requires the
+.B -s
+option to determine the storage location being created.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-d
+Write debug info to stderr.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-g
+Display the current serial number using stderr and exit.
+Requires
+.B \-s
+option to determine which storage directory the serial is located in.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-h
+Display the binary help and command line syntax info using stderr.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-s directory
+Directory path of disk storage for new SSL certificates.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-M size
+Maximum size of SSL certificate disk storage.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-n serial number
+HEX
+.B "serial number "
+to use when initializing an SSL storage database.
+The default value of serial number is the number of seconds since Epoch minus 1200000000.
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B \-v
+Display the binary version details using stderr.
+.
+.SH KNOWN ISSUES
+.PP
+The version 1.0 of this helper will not add chained intermediate CA certificates.
+The client must have a full chain of trust from the root CA all the way
+down to the end certificate generated by this program.
+.
+Signing with an intermediate CA needs to install both the
+root and the intermediate public CA on the clients.
+.
+.SH CONFIGURATION
+.PP
+Before this helper can be used the storage area for new certificates must be initialized manually.
+This is done from the command line using the
+.B \-c
+parameters.
+.
+.PP
+For example:
+.if !'po4a'hide' .RS
+.if !'po4a'hide' .B ssl_crtd -c -s /var/lib/ssl_db
+.if !'po4a'hide' .RE
+.
+.PP
+For simple configuration the helper defaults can be used.
+Only HTTP listening port options are required to enable generation and set the signign CA certificate.
+For Example:
+.if !'po4a'hide' .RS
+.if !'po4a'hide' .B http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/www.sample.com.pem
+.if !'po4a'hide' .RE
+.
+.PP
+For more customized configuration the helper certificate storage directory location and size can be altered with the
+.B sslcrtd_program
+configuration directive.
+For example:
+.if !'po4a'hide' .RS
+.if !'po4a'hide' .B sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
+.if !'po4a'hide' .
+.if !'po4a'hide' .B sslcrtd_children 5
+.if !'po4a'hide' .RE
+.
+.SH AUTHOR
+This program was written by
+.if !'po4a'hide' .I Christos Tsantilas <christos@chtsanti.net>
+.PP
+This manual was written by
+.if !'po4a'hide' .I Christos Tsantilas <christos@chtsanti.net>
+.if !'po4a'hide' .I Amos Jeffries <squid3@treenet.co.nz>
+.
+.SH COPYRIGHT
+This program and documentation is copyright to the authors named above.
+.PP
+Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
+.
+.SH QUESTIONS
+Questions on the usage of this program can be sent to the
+.I Squid Users mailing list
+.if !'po4a'hide' <squid-users@squid-cache.org>
+.
+.SH REPORTING BUGS
+Bug reports need to be made in English.
+See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
+.PP
+Report bugs or bug fixes using http://bugs.squid-cache.org/
+.PP
+Report serious security bugs to
+.I Squid Bugs <squid-bugs@squid-cache.org>
+.PP
+Report ideas for new improvements to the
+.I Squid Developers mailing list
+.if !'po4a'hide' <squid-dev@squid-cache.org>
+.
+.SH SEE ALSO
+.if !'po4a'hide' .BR squid "(8), "
+.if !'po4a'hide' .BR GPL "(7), "
+.br
+The Squid FAQ wiki
+.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
+.br
+The Squid Configuration Manual
+.if !'po4a'hide' http://www.squid-cache.org/Doc/config/
projects / thirdparty / squid.git / commitdiff
