From 258255acf74763e6e87a83141b3d4be9286d71c3 Mon Sep 17 00:00:00 2001
From: Klas Arvidsson <klas.arvidsson@liu.se>
Date: Tue, 5 Oct 2021 22:47:06 +0200
Subject: [PATCH] squid certificate update

---
 files/squid/squid.conf | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/files/squid/squid.conf b/files/squid/squid.conf
index 7d7c17d..137bf1d 100644
--- a/files/squid/squid.conf
+++ b/files/squid/squid.conf
@@ -19,6 +19,11 @@
 # http://tentix.ida.liu.se:3128/squid-internal-mgr/info
 #
 # Yearly update of certificate:
+# run make_certificate.sh
+# restart squid service
+# update dotfiles
+#
+# OLD
 # 1. Generate certificate:
 #  openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
 #  openssl x509 -in myCA.pem -outform DER -out myCA.der
@@ -35,7 +40,7 @@
 # certutil -d sql:./.pki/nssdb -D -n "exam.ida.liu.se - Linkoping university"
 # certutil -d sql:./.pki/nssdb -L
 
-# OLD. Change in exam environment, (after added in Chromium myCA.der end up "somewhere" in ~/.pki/*
+# OLDER: Change in exam environment, (after added in Chromium myCA.der end up "somewhere" in ~/.pki/*
 #    Use this command to edit chrome exam template settings:
 #  env -i XAUTHORITY=/home/examadm/.Xauthority DISPLAY=$DISPLAY HOME=/home/examadm/Version-3.1/sea/env/courses/template_student_home_files/owned_by_uid chromium-browser --proxy-server="exam.ida.liu.se:3128" --temp-profile
 
@@ -121,7 +126,7 @@ http_access deny all
 
 # Squid normally listens to port 3128
 # http_port 3128
-http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/ssl/certs/squid/Oct20-Oct21/myCA.pem
+http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/pki/tls/certs/squid/current/exam.crt
 always_direct allow all
 ssl_bump server-first all
 
-- 
GitLab