follow this for use with creating a dstdom.broken file for use with pinned certificates.. https://wiki.squid-cache.org/SquidFaq/WindowsUpdate same item however add the office.com office.net domains into the folder so everything works and cache for updates still works acl BrokenButTrustedServers dstdomain "/usr/local/pkg/dstdom.broken" acl DomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH sslproxy_cert_error allow BrokenButTrustedServers DomainMismatch sslproxy_cert_error deny all this works for me and all updates restored and office use

@viragomann Grazie , But my great difficulty is the English translation > ita which is often not very precise. I'm sorry if I made you angry it wasn't my intention. Thank you for your very important help for me.

@VMlabman Under Backend tab for the pfsense-01. you need to select a CA and select the client certificate that you have generated for your pfsense-01. Under Frontend tab under SSL offloading, select the ACME generated certificate under Certificate. Check if those settings fixes the issue you are having. Also I recommend watching the following youtube: How to Setup ACME, Let's Encrypt, and HAPRoxy in pfsense

@DBMandrake I also had a ticket open for this, it was closed as a duplicate I do know what you're talking about, iTunes does it also.

6.6 is active in 24 beta if anyone else wants to test it.

@lg1980 can you access the status page in squid 6.6? My system works but the status page says access denied

@compsmith said in haproxy connectwise control (screen connect) relay internally not working: DNS resolver has a Host Override with the screen connects subdomain pointing to the lan ip of the pfsense firewall. Remove this.

@M-Aly I don't know the answer to your problem but I would suggest if you need a reverse proxy that you just use HAProxy. Not only is HAProxy designed specifically to be a reverse proxy and load balancer, (while it is really only a secondary feature of Squid) netgate have said they are removing Squid from PFSense in the next major version release (presumably 2.8.0) so any time you spend setting this up and getting it working is going to be wasted when Squid is removed... so you might as well set up HAProxy from the beginning.

@bnangle thank you worked great!!

@johnpoz so practically if or if I have to install the certificate on my nas synology I handle some networking, but the truth is super weird to believe that there is no possibility that a firewall can not be configured in some existing way so that in tcp load the certificate because in many forums people want pfsense/haproxy to take care of this, not the nas (for the same reason they don't want to install the certificate on their nas). I hope to find someday the solution or the firewall or the steps to allow it to somehow load the certificate and not the equipment (nas synology). you would know how to configure to do it pfsense/haproxy or you really do not know (that's why you give me the simplest option that is repeated in all places)

@justme2 Gotcha, well this is a good start at least. I'm considering the same platform for a proper 10 gigabit system (WAN side with NAT) as my Netgate 6100 isn't keeping up with my new WAN provider. QAT is fairly important for me though as well.