You have to import the CA into firefox manually. Its under options/advanced/certificates/view certificates/import.

You have two certificates there (webGUI + CA), or just one?

No, absolutely NOT. You need to have your own CA so that Squid can issue certificates for arbitrary domains on the fly. Otherwise, use "Splice All".

That is generally not what people are asking for when they want "Inspection." But it does work pretty well.

Hello, did you find any solution?

Your cache settings look ok.  Perhaps related to the content you're trying to cache?  Reproduce the problem and then post your access.log.

Im now able to access normal websites, i just have to fix it on https sites, thanks for the help.

Just because you are getting a message from Squid when using Squid doesn't mean it's a Squid problem. Squid got a connection reset from the server (or from something else in the way). That's all. Go figure why the server is resetting the connections. Perhaps they use some "helpful" IDS/IPS in place doing this when someone accesses WP admin via a proxy (yes, I have seen those). Squid isn't doing anything here. It simply received RST before it expected that to happen. Another example: https://wiki.squid-cache.org/SquidFaq/TroubleShooting#What_does_.22sslReadClient:_FD_14:read_failure:.28104.29_Connection_reset_by_peer.22_mean.3F

The reason why SMTP stopped working? I don't Know… How I solved it? In "Services" -> "Squid Proxy Server" -> "ACLs" i went to the field "Unrestricted IPs" and set my LAN net in CIDR Format (192.168.1.0/24), then I went to the field "ACL SSLPorts" and set this "2096 587 443 563" After saving, aplying and a reboot, the SMTP was working again. Greetings!

It should work for all devices using pfSense as their gateway.  I assume you have tcp 80/443 blocked on all LANs to force the proxy use?  Your wireless network is on the same subnet as LAN?  Otherwise you might have to include that network in squid's ACLs - Allowed subnets section.

Read this: https://wiki.squid-cache.org/Features/CustomErrors?highlight=%2528faqlisted.yes%2529#Custom_error_pages_not_displayed_for_HTTPS https://redmine.pfsense.org/issues/6777#note-2 Not a Squid issue. This is how browsers are implemented.

**.**windowsupdate.com P.S. Google the difference between URL and domain.

Good question! Ive been looking at HAProxy and reading some instructions I would like to find the same example for  Squid Reverse proxy!

;D Thanks will do so!

@reza3sw: Hello HTTP/1.1 400 Bad Request Server: squid Mime-Version: 1.0 Date: Fri, 08 Sep 2017 21:19:17 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3948 X-Squid-Error: ERR_INVALID_REQ 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from pfsense X-Cache-Lookup: NONE from pfsense:3128 Via: 1.1 pfsense (squid) Connection: close Why does this error message occur in Windows and mobile apps? When I enable ssl filttering in squid? And some apps do not connect to the Internet on Windows and on Android. But it is connected to the Internet browser. Hello to all friends My problem with the IP Telegram and (as well as the programs that have this problem) was solved in Bypass squid In this way, IPs that come in bypass pass through the web proxy