When using HTTPS inspection SafeSquid checks whether the public key and private key for websites exist on the disk.
If the public keys and private keys for websites do not exist, SafeSquid will create them and store them locally for reuse.
These certificates are valid for a year from the date they are created.
For more details regarding how SafeSquid’s HTTPS inspection works refer to How does HTTPS inspection work with SafeSquid
However, when SafeSquid generated certificate expires, you’ll get an error message in our browser which says “connection to this site is not private”.
Also you can validate the same by looking at the certificate chain, you’ll be able to notice that the certificate which SafeSquid has generated expired.
This can lead to insecure connections and the website being blocked if any policies has configure to block’ insecure connections.
To resolve this problem, you are required to delete SafeSquid generated certificates from /var/db/safesquid/ssl/certs/ and the issuer certificate from /usr/local/safesquid/security/ssl/
Run the below command to delete old certificates.
CODE: SELECT ALL
/etc/init.d/monit stop ; /etc/init.d/safesquid stop ; rm -rf /var/db/safesquid/ssl/* ; rm -rf /usr/local/safesquid/security/ssl/* ; /etc/init.d/monit start
SafeSquid will regenerate all those certificates which were deleted.