If the public key and private key for a website do not exist, SafeSquid creates them and stores them locally for reuse.
These certificates are valid for a year from the date they are created.
For more details on how SafeSquid's HTTPS inspection works, refer to "How does HTTPS inspection work with SafeSquid".
However, when this certificate expires, you'll get an error message in your browser which says “connection to this site is not private”, and when you look at the certificate chain you'll notice that the certificate which SafeSquid generated has expired.
This can lead to an insecure connection, and to the website being blocked if you have any policies which block insecure connections.
To resolve this problem, delete the SafeSquid-generated certificates from /var/db/safesquid/ssl/certs/<.website_name>.
The process of validating and removing SSL certificates can be automated using a cron job and checkcertexp.sh.
checkcertexp.sh validates the certificates and removes any certificate that is about to expire within 24 hours.
It validates the certificates using openssl, then removes the certificates which are about to expire.
SafeSquid will regenerate the deleted certificates as you make connections to the websites.
Crontab can be used to execute this script every day so that certificate expiry dates are monitored.
This way users avoid encountering the “connection not private” error.
You can follow the steps below to set up a cron job that executes checkcertexp.sh every day at exactly 12:00 AM.
crontab -e
00 00 * * * <location for checkcertexp.sh script>
(Note: Cron will only execute this command at 12:00 AM if the server is up and running; otherwise the cron job will be missed.)
I have attached checkcertexp.sh to this post.
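The 24-hour expiry check described above, as an added example that is not the attached checkcertexp.sh: it uses `openssl x509 -checkend` to find certificates expiring within the window and deletes only those. It assumes the files under the directory are PEM-encoded certificates; the function name `purge_expiring_certs` and the script name in the comment are hypothetical.

```shell
#!/bin/sh
# Added example, not the attached checkcertexp.sh.
# Assumption: files under the given directory are PEM-encoded certificates;
# anything openssl cannot parse as a certificate is left untouched.

# purge_expiring_certs DIR [SECONDS]
# Deletes every certificate under DIR that expires within SECONDS
# (default 86400 = 24 hours). Sets REMOVED to the number of files deleted.
purge_expiring_certs() {
    dir=$1
    window=${2:-86400}
    REMOVED=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    list=$(mktemp) || return 2
    find "$dir" -type f > "$list"
    while IFS= read -r cert; do
        # Skip files that are not parseable certificates (keys, temp files).
        openssl x509 -in "$cert" -noout 2>/dev/null || continue
        # -checkend exits non-zero when notAfter falls inside the window.
        if ! openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null 2>&1; then
            echo "removing $cert ($(openssl x509 -in "$cert" -noout -enddate))"
            rm -f -- "$cert" && REMOVED=$((REMOVED + 1))
        fi
    done < "$list"
    rm -f "$list"
    return 0
}

# Run only when a directory is passed, e.g. from cron:
#   purge-certs.sh /var/db/safesquid/ssl/certs
if [ "$#" -gt 0 ]; then
    purge_expiring_certs "$@"
fi
```

Checking that a file parses as a certificate before running `-checkend` matters because `-checkend` also exits non-zero on unreadable input, which would otherwise delete unrelated files.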