Hello.
I've made a script that generates an SSL certificate for the Squid proxy.
The certificate is generated normally, but when downloading it and trying to install it on Windows, it shows the wrong start date.
The script is called from a CGI module executed by lighttpd.
Bash:
#!/bin/sh
#------------------------------------------------------------------
# Program to generate SSL certificate for squid.
#------------------------------------------------------------------
# BSD commands
#------------------------------------------------------------------
C_mkdir="/bin/mkdir"
C_cp="/bin/cp"
C_mv="/bin/mv"
C_rm="/bin/rm"
C_service="/usr/sbin/service"
C_chown="/usr/sbin/chown"
C_openssl="/usr/bin/openssl"
C_wget="/usr/local/bin/wget"
C_security_file_certgen="/usr/local/libexec/squid/security_file_certgen"
C_stat="/usr/bin/stat"
C_squid="/usr/local/sbin/squid"
#------------------------------------------------------------------
# Directories & files
#------------------------------------------------------------------
C_squid_fldr_root="/var/ucos/sslkeys/squid/"
C_squid_fldr_certs="${C_squid_fldr_root}certs/"
C_squid_fldr_certs_db="/var/squid/cache/db"
C_squid_pem_cert="${C_squid_fldr_certs}squidCA.pem"
C_squid_mep_cert="${C_squid_fldr_certs}squidCA.mep"
C_squid_der_cert="/ucos/www/webfilter/squidCA.der"
C_squid_pem_cacert="/var/ucos/sslkeys/squid/cacert.pem"
C_squid_pem_cacert_def="/etc/ucdefs/cacert.pem"
C_subj="/C=DZ/ST=BEJAIA/L=BEJAIA/O=UCOS/CN=ucos.net"
#------------------------------------------------------------------
# Stop squid service
#------------------------------------------------------------------
"${C_service}" squid stop >/dev/null 2>&1
while ps axg | grep -vw grep | grep -w squid > /dev/null; do sleep 1; done
#------------------------------------------------------------------
# See if dest dir not exists then create
#------------------------------------------------------------------
if [ ! -d "$C_squid_fldr_certs" ]; then
    "${C_mkdir}" -p "$C_squid_fldr_certs" >/dev/null 2>&1
fi
#------------------------------------------------------------------
# See if pem file exists then rename
#------------------------------------------------------------------
if [ -f "$C_squid_pem_cert" ]; then
    "${C_mv}" -f "$C_squid_pem_cert" "$C_squid_mep_cert" >/dev/null 2>&1
fi
#------------------------------------------------------------------
# See if .der file exists then delete
#------------------------------------------------------------------
if [ -f "$C_squid_der_cert" ]; then
    "${C_rm}" -f "$C_squid_der_cert" >/dev/null 2>&1
fi
#------------------------------------------------------------------
# Call the openssl command to generate the SSL certificate
#------------------------------------------------------------------
"${C_openssl}" req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj "$C_subj" -keyout "$C_squid_pem_cert" -out "$C_squid_pem_cert" >/dev/null 2>&1
while ps axg | grep -vw grep | grep -w openssl > /dev/null; do sleep 1; done
#------------------------------------------------------------------
# Generate .der certificate
#------------------------------------------------------------------
"${C_openssl}" x509 -in "$C_squid_pem_cert" -outform DER -out "$C_squid_der_cert" >/dev/null 2>&1
while ps axg | grep -vw grep | grep -w openssl > /dev/null; do sleep 1; done
#------------------------------------------------------------------
# Generate db certgen
#------------------------------------------------------------------
if [ -d "$C_squid_fldr_certs_db" ]; then
    "${C_rm}" -R "$C_squid_fldr_certs_db"
fi
"${C_security_file_certgen}" -c -s "$C_squid_fldr_certs_db" -M 4MB >/dev/null 2>&1
while ps axg | grep -vw grep | grep -w security_file_certgen > /dev/null; do sleep 1; done
#------------------------------------------------------------------
# Get cacert from curl site
#------------------------------------------------------------------
"${C_wget}" --no-check-certificate -t 2 -T 10 -q -O "$C_squid_pem_cacert" https://curl.se/ca/cacert.pem >/dev/null 2>&1
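# Check the size of the downloaded bundle itself (not the certs directory);
# fall back to the bundled default if the download is missing or truncated.
fcacert_sz=$("${C_stat}" -f%z "${C_squid_pem_cacert}" 2>/dev/null || echo 0)
if [ "${fcacert_sz}" -lt 10000 ]; then
    "${C_cp}" "$C_squid_pem_cacert_def" "$C_squid_pem_cacert" >/dev/null 2>&1
fi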
#------------------------------------------------------------------
# Chown to squid
#------------------------------------------------------------------
"${C_chown}" -R squid:squid "${C_squid_fldr_root}"
#------------------------------------------------------------------
# Start squid
#------------------------------------------------------------------
"${C_service}" squid start >/dev/null 2>&1
#"${C_squid}" -k reconfigure
exit
So what's wrong? The generation was done today, but the certificate indicates that the validity begins on 21/05/2023.
The system datetime is OK.
Bash:
root@uc-rpi:/ucos/bin # date
Thu Oct 12 20:57:59 CEST 2023
PS: When this code is executed (called) manually in a shell, it generates the SSL certificate normally, with a validity start date of today.
See picture.
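The script above redirects all openssl output to /dev/null, so a run under lighttpd leaves nothing to inspect. The following is an added example, not part of the original post: it reads the certificate's notBefore right after generation and, if it is not close to the current time, logs the execution context. The function names, `MAX_SKEW` and the log path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): verify a certificate's notBefore.
MAX_SKEW=300                              # assumption: a fresh cert starts within 5 min of now
CERT_LOG="${CERT_LOG:-/tmp/certgen.log}"  # hypothetical log path

# "notBefore=May 21 00:00:00 2023 GMT" (openssl -startdate output) -> epoch seconds
start_epoch() {
    ts=${1#notBefore=}
    date -u -d "$ts" +%s 2>/dev/null ||                  # GNU date
        date -j -u -f "%b %d %H:%M:%S %Y %Z" "$ts" +%s   # BSD date
}

# is_fresh <startdate line> <now epoch>: 0 if notBefore is within MAX_SKEW of now
is_fresh() {
    start=$(start_epoch "$1") || return 2
    age=$(($2 - start))
    [ "$age" -ge "-$MAX_SKEW" ] && [ "$age" -le "$MAX_SKEW" ]
}

# check_cert <pem file>: log the context when the validity start looks stale
check_cert() {
    cert=$1
    line=$(openssl x509 -in "$cert" -noout -startdate 2>>"$CERT_LOG") || {
        echo "$(date): cannot read $cert" >>"$CERT_LOG"; return 2; }
    if is_fresh "$line" "$(date +%s)"; then
        return 0
    fi
    {
        echo "$(date): stale validity start in $cert: $line"
        echo "  user=$(id -un) HOME=${HOME:-unset} PATH=$PATH"
        echo "  openssl=$(command -v openssl) $(openssl version 2>&1)"
    } >>"$CERT_LOG"
    return 1
}

# In the script above this would follow the "openssl req" step, e.g.:
#   check_cert "$C_squid_pem_cert"
if [ $# -ge 1 ]; then
    check_cert "$1"
fi
```

Comparing the log written by a CGI-triggered run with one from a manual shell run shows whether the two executions differ in user, environment or openssl binary.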