Squid Error

Falassion

I'm trying to config squid too (https splice whitelist, bump otherwise) and when i type pfsense ip browser give me this error. I created the CA and Server Certificate and imported (google.com, facebooks work fine) but browser always say me invalid certificate.

ERROR
The requested URL could not be retrieved
The following error was encountered while trying to retrieve the URL: https://192.xxx.xxx.xxx/*

Failed to establish a secure connection to 192.xxx.xxx.xxx

The system returned:

(92) Protocol error (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
Self-signed SSL Certificate in chain: /CN='CA NAME' CA/O=home/OU=home

This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.

Your cache administrator is admin@localhost.

viktor_g

@falassion see https://www.openssl.org/docs/man1.1.0/man3/X509_STORE_CTX_set_current_cert.html:

X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain
the certificate chain could be built up using the untrusted certificates but the root could not be found locally.

You can bypass cert check by enabling "Remote Cert Checks" but this is not secure.

viktor_g

@falassion you can also manually add your local CA certs to /usr/local/share/certs/ca-root-nss.crt, see https://redmine.pfsense.org/issues/10605

eezeeim

I followed your instructions but it still didn't work. Can anyone tell me what to do?