Found out the problem.... # openssl req -new -newkey rsa:1024 -days 36500 -nodes -x509 -keyout myCA.pem -out myCA.pem
# openssl x509 -in myCA.pem -outform DER -out myCA.der Installing myCA.der as root cert shows the validity date from Friday, 4 January, 2013 4:58:39 PM to Thursday, 4 November, 1976 10:30:23 AM (1976, not 2113. it can auto back date???? :O ) Still figuring out why this happened, thou. Must be an openssl issue. The commands are copied directly from squid dynamic cert generation wiki. Thanks for the pointer. -----Original Message----- From: Will Roberts [mailto:ironwil...@gmail.com] Sent: Friday, 4 January, 2013 12:20 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] SSL Bump Root Certificate Expiration On 01/03/2013 11:16 PM, Woon Khai Swen wrote: > Dear all, > > I found out the self signed ssl root cert for transparent SSL interception > (SSL Bump + origin cert mimicking + dynamic cert generation) is valid only > for 365 days max, no matter how many additional days specified in openssl > cert generation command line. Mine's good for 100 years. I'd check your command line arguments. --Will