Squid + https
-
Hello,
Can you help me find solution?
I've added CA of our domain controller in System > Cert Manager
But in squid SSL MITM i can't select this CA and enable SSL filtering. Only "None" can select.
How i can set up domain CA for enabling SSL filtering ?
Or pfsense can only accept self made cert from internal CA?
Thanks in advance. -
@viberua I'm no expert at all on the matter but it tells you to create your own on pfSense, because it needs to be able to create certs on demand and locally...I think, but again..no expert.
-
Never used squid before, but I guess a CA should be created first.
Here :
Then, based on the CA, you create your certs :
These certs can be used in OpenVPN, FreeRadius, the pfSense GUI, etc.
CA's can't be use directly, except for signing (your own) certs. -
@Gertjan said in Squid + https:
Never used squid before, but I guess a CA should be created first.
Here :exactly,
use the pfSense certificate builder and then it will appear in Squid settingsthen you can also export it for installation on external devices
like:
-
@DaddyGo so if i don't want create new CA because i already have one, then i can't use this external CA cert in MITM?
-
Squid works with an internal intermediate certificate
you can't use example Lets' E or otherbecause of what is described above in this thread......
like:
-
@viberua You need to "become" a CA (a local one of course) and have your own Public Key & Private Key in order for Squid to encrypt-decrypt.
-
@DaddyGo when i try to create an intermediate CA, the list of signing CA is empty
but as i said i have our domain CA server and added his CA cert to CA settings
-
@viberua said in Squid + https:
but as i said i have our domain CA server and added his CA
Won't work.
Do this from scratch:
And this is what you should see:
-
you are doing something wrong...
because it works very well in pfSensejust watch squidSSL2 I just created for the sake of the test...
-
I like you bro, but it is not appropriate to speak into an ongoing conversation...forum etiquette
-
@DaddyGo
Ok...I just saw notifications of his questions jump in my email so it caught my attention and just wanted to help.
But I accept your point. Have a great one :), I'm out. No expert anyway lol -
nothing happened...
we taught you about these a few days ago
I'm glad, you learned
-
Your image :
This is mine :
More in detail :
You :
Me :
What is your pfSense version
or what? -
-
@DaddyGo
Hi
how are you . i just want to ask if i can use pfsense proxy with mikrotik server
clearly . i wannot to add a certificat in users phone . just add it in mikrotik
to Enable SSL filtering in my network
i tray to that alot and have no result -
@Abdou-Ahmed said in Squid + https:
just add it in mikrotik
well, please specify this, please what kind of Mikrotik???
I'm pretty prepared in the "picture" - Mikrotik...
(all our CATV traffic is provided by Mikrotik devices)
