Facing the need to delete a SafeSquid-generated certificate using the checkcertexp.sh script. Can someone guide me through the process or provide step-by-step instructions for successful certificate removal? Appreciate any assistance!
When using HTTPS inspection, SafeSquid checks whether the public key and private key for a website exist on disk.
If the public key and private key for a website do not exist, SafeSquid creates them and stores them locally for reuse.
These certificates are valid for a year from the date they are created.
For more details regarding how SafeSquid’s HTTPS inspection works, refer to "How does HTTPS inspection work with SafeSquid".
However, when this certificate expires, you’ll get an error message in your browser which says “connection to this site is not private”, and when you look at the certificate chain you’ll notice that the certificate which SafeSquid generated has expired.
This can lead to an insecure connection and to the website being blocked if you have any policies which block insecure connections.
To resolve this problem you are required to delete the SafeSquid-generated certificates from /var/db/safesquid/ssl/certs/<.website_name>.
The process of validating and removing SSL certificates can be automated using a cron job and checkcertexp.sh.
checkcertexp.sh validates certificates and removes any certificate that is about to expire within 24 hours.
It validates the certificates using openssl.
Then it removes the certificates which are about to expire.
SafeSquid will regenerate the certificates which were deleted as you make a connection with the website.
Crontab can be used to execute this script every day to monitor certificate expiry dates.
This way users avoid encountering the “connection not private” error.
You can follow the steps below to set up a cron job that executes checkcertexp.sh every day at 12:00 AM sharp:
00 00 * * * <location for checkcertexp.sh script>
You can change the execution time as needed.
(Note: Cron will only execute this command at 12:00 AM if the server is up and running; otherwise the cron job will be missed.)
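
One way to implement the check this answer describes, as an added example that is not SafeSquid's own checkcertexp.sh: it uses `openssl x509 -checkend` to find certificates that expire within the window and deletes only those. The function name and the CERT_DIR, WINDOW and DRY_RUN variables are hypothetical, and it assumes the cached certificates are PEM files somewhere under /var/db/safesquid/ssl/certs.

```sh
#!/bin/sh
# Added example, not SafeSquid's checkcertexp.sh.
# Assumption: cached certificates are PEM files somewhere under CERT_DIR.
CERT_DIR=${CERT_DIR:-/var/db/safesquid/ssl/certs}
WINDOW=${WINDOW:-86400}   # seconds; 86400 = the 24 hours described above
DRY_RUN=${DRY_RUN:-0}     # 1 = only report what would be deleted

# Print the path of every certificate under $1 that expires within $2 seconds
# (default WINDOW) and delete it unless DRY_RUN=1.
# File names containing newlines are not supported.
purge_expiring_certs() {
    pc_dir=$1
    pc_window=${2:-$WINDOW}
    [ -d "$pc_dir" ] || { echo "not a directory: $pc_dir" >&2; return 2; }
    pc_list=$(mktemp) || return 2
    find "$pc_dir" -type f > "$pc_list"
    while IFS= read -r pc_file; do
        # Skip private keys and anything else that is not a parseable certificate.
        openssl x509 -noout -in "$pc_file" </dev/null 2>/dev/null || continue
        # -checkend exits 0 when the certificate is still valid pc_window seconds from now.
        if openssl x509 -checkend "$pc_window" -noout -in "$pc_file" \
                </dev/null >/dev/null 2>&1; then
            continue
        fi
        echo "$pc_file"
        [ "$DRY_RUN" = 1 ] || rm -f -- "$pc_file"
    done < "$pc_list"
    rm -f "$pc_list"
}

# Act only when a directory is passed, e.g. from cron:
#   00 00 * * * /path/to/this-script /var/db/safesquid/ssl/certs
if [ "$#" -ge 1 ]; then
    purge_expiring_certs "$1"
fi
```

Running it once with DRY_RUN=1 lists what would be removed without touching the certificate store.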