Squid + https
-
Never used squid before, but I guess a CA should be created first.
Here :
Then, based on the CA, you create your certs :
These certs can be used in OpenVPN, FreeRadius, the pfSense GUI, etc.
CA's can't be use directly, except for signing (your own) certs. -
@Gertjan said in Squid + https:
Never used squid before, but I guess a CA should be created first.
Here :exactly,
use the pfSense certificate builder and then it will appear in Squid settingsthen you can also export it for installation on external devices
like:
-
@DaddyGo so if i don't want create new CA because i already have one, then i can't use this external CA cert in MITM?
-
Squid works with an internal intermediate certificate
you can't use example Lets' E or otherbecause of what is described above in this thread......
like:
-
@viberua You need to "become" a CA (a local one of course) and have your own Public Key & Private Key in order for Squid to encrypt-decrypt.
-
@DaddyGo when i try to create an intermediate CA, the list of signing CA is empty
but as i said i have our domain CA server and added his CA cert to CA settings
-
@viberua said in Squid + https:
but as i said i have our domain CA server and added his CA
Won't work.
Do this from scratch:
And this is what you should see:
-
you are doing something wrong...
because it works very well in pfSensejust watch squidSSL2 I just created for the sake of the test...
-
I like you bro, but it is not appropriate to speak into an ongoing conversation...forum etiquette
-
@DaddyGo
Ok...I just saw notifications of his questions jump in my email so it caught my attention and just wanted to help.
But I accept your point. Have a great one :), I'm out. No expert anyway lol -
nothing happened...
we taught you about these a few days ago
I'm glad, you learned
-
Your image :
This is mine :
More in detail :
You :
Me :
What is your pfSense version
or what? -
-
@DaddyGo
Hi
how are you . i just want to ask if i can use pfsense proxy with mikrotik server
clearly . i wannot to add a certificat in users phone . just add it in mikrotik
to Enable SSL filtering in my network
i tray to that alot and have no result -
@Abdou-Ahmed said in Squid + https:
just add it in mikrotik
well, please specify this, please what kind of Mikrotik???
I'm pretty prepared in the "picture" - Mikrotik...
(all our CATV traffic is provided by Mikrotik devices)
