If you’re using GateSentry’s Raspberry Pi image, you might be seeing some certificate expiry errors in your browser as of 2nd October 2017. This post will help you regenerate GateSentry’s certificate so you can continue using it. Here’s how to do that:
- Connect to your Raspberry Pi via SSH (use Putty on Windows)
The credentials are username:pi and password:raspberry
- Generate a new certificate with the following command (replace XXX with number of days that you want the certificate to be valid for example 365 ):
openssl req -new -newkey rsa:2048 -days XXX -nodes -x509 -keyout myCA.pem -out myCA.pem
- Also generate a browser certificate using the freshly generated myca.pem:
openssl x509 -in myCA.pem -outform DER -out myCA.der
- Now stop the squid service with : sudo service squid3 stop
- Copy this newly generated certificate (myCA.pem) to /etc/squid/certs on your raspberry pi (overwrite the old one).
- Make a copy of this certificate (myCA.der) on your local computer, so you can install it on your client browsers.
- Next, restart the Raspberry pi, with
sudo reboot
- Install certificate on browsers, clear cache and restart browser.