> From: owner-openssl-users On Behalf Of Walter H.
> Sent: Thursday, December 05, 2013 23:42
> can someone give me an example of the certificate, that is used here:
> http_port 3128 ssl-bump cert=/etc/squid/cert/cert.pem
> I'm using the latest CentOS release (6.5) with squid 3.1.10
> I generated one with this:
> openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj
> "/CN=dnsname/C=--/O=my Org/OU=my Squid server" -keyout cert.pem -out
That generates a self-signed cert (and matching key) for your server.
> in case I generate a CA cert and this one and install the CA cert in my
> browser (FF);
> does this help to remove the "The Connection is untrusted" messages of
> my browser (FF)?
Those are different cases.

If you import to Firefox the self-signed server cert created above
then it will trust a server using that cert.

If you generate a self-signed (root) CA cert & key, and use those
to sign (issue) another cert or certs such as one for your server,
and import the CA cert to Firefox, then a server using any cert
under that CA is trusted.
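
The two trust cases described in the reply above, as an added example that is not part of the original thread: it builds a self-signed server cert and a root CA that issues a second server cert, then uses `openssl verify` to show which trust anchor accepts which cert. The hostname `proxy.example.test`, the CA name, the file names and the `pki.cnf` config are all assumptions made for the example.

```shell
#!/bin/sh
# Added example; every name, path and subject below is constructed.
set -eu

make_pki() {
    d=$1
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
subjectAltName = DNS:proxy.example.test
EOF
    # Case 1: self-signed server cert, the kind the command in the question creates.
    openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -config "$d/pki.cnf" \
        -subj "/CN=proxy.example.test" \
        -keyout "$d/selfsigned.key" -out "$d/selfsigned.pem" 2>/dev/null
    # Case 2a: self-signed root CA (this is the cert to import into the browser).
    openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -config "$d/pki.cnf" \
        -extensions v3_ca -subj "/CN=Example Lab Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    # Case 2b: server key + CSR, then the CA signs (issues) the server cert.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
        -subj "/CN=proxy.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -extfile "$d/pki.cnf" -extensions v3_server \
        -out "$d/server.pem" 2>/dev/null
}

# trusts ANCHOR CERT: succeeds if CERT validates with ANCHOR supplied as trusted.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_pki "$work"
trusts "$work/ca.pem" "$work/server.pem" && echo "CA anchor, issued server cert: trusted"
trusts "$work/selfsigned.pem" "$work/selfsigned.pem" && echo "self-signed cert as its own anchor: trusted"
trusts "$work/ca.pem" "$work/selfsigned.pem" || echo "CA anchor, unrelated self-signed cert: rejected"
```

Only `ca.pem` (never `ca.key`) is what gets imported into the browser; the CA key should stay on the machine that issues certs.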