pfsense squid+squidguard http (TLS code: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
-
Dear Sirs,
I've installed squid and squidguard, enabled:Squid > General > enabled Transparent HTTP Proxy HTTPS/SSL Interception is disabledNow every http request got blocked with:
TLS code: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERTI've setup ACL with allowed domains in squidguard, but cannot understand why http request are going wrong.
Any idea is appreciated.Thanks, BR
-
Could be redirceting blocked traffic to an error page hosted on the firewall, behind that cert.
-
@stephenw10 thank you for the reply, I've disabled squidguard and with only squid running I can access the http sites, while if I enable the squidguard always get this error:
(92) Protocol error (TLS code: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) Self-signed SSL Certificate: /O=pfSense webConfigurator Self-Signed Certificate/CN=nameofpfsenseboxI've looked at the options on squidguard but didn't see any related on http or https.
BR -
Right so if Squidguard is blocking that traffic it will try to display an error page but that is hosted in the firewall behind that self signed cert over https.
As a test only try setting the firewall webgui to http.
If that works you need to change the Squidguard settings to either not display an error page or redirect to an externally host page over http.
Steve
