SafeSquid generated certificate expired./ Your connection is not private

General Information about how to make best use of this forum
India Pratik
Posts: 25
Joined: Fri Jun 10, 2022 7:15 am

SafeSquid generated certificate expired./ Your connection is not private

Post by Pratik » Mon Jul 25, 2022 6:54 am

When using HTTPS inspection SafeSquid checks whether the public key and private key for websites exist on the disk.
If the public keys and private keys for websites do not exist, SafeSquid will create them and store them locally for reuse.
These certificates are valid for a year from the date they are created.

For more details regarding how SafeSquid’s HTTPS inspection works refer to How does HTTPS inspection work with SafeSquid

However, when SafeSquid generated certificate expires, you’ll get an error message in our browser which says “connection to this site is not private”.
Also you can validate the same by looking at the certificate chain, you’ll be able to notice that the certificate which SafeSquid has generated expired.
This can lead to insecure connections and the website being blocked if any policies has configure to block' insecure connections.
certdateinvalid.jpg
certdateinvalid.jpg (38.49 KiB) Viewed 1588 times


To resolve this problem, you are required to delete SafeSquid generated certificates from /var/db/safesquid/ssl/certs/ and the issuer certificate from /usr/local/safesquid/security/ssl/

Run the below command to delete old certificates.

Code: Select all

/etc/init.d/monit stop ; /etc/init.d/safesquid stop ; rm -rf /var/db/safesquid/ssl/* ; rm -rf /usr/local/safesquid/security/ssl/* ; /etc/init.d/monit start 
SafeSquid will regenerate all those certificates which were deleted.