Netgate Discussion Forum
    • V

      Haproxy Layer6 Issues - Intermittent Logging

      Cache/Proxy help haproxy ssl letsencrypt
      1
      0 Votes
      1 Posts
      250 Views
      No one has replied
    • J

      Migrating from Sophos UTM Home Use License

      General pfSense Questions sophos ips ssl reverse-proxy
      10
      0 Votes
      10 Posts
      1k Views
      M

      @jeffshead
      That is correct. Snort/Suricata operates outside the firewall, so to speak, so it cannot inspect ssl traffic. There is no mechanism within pfsense to decrypt a flow and send it to an engine to inspect. This largely, in my opinion, makes the threat prevention aspect of pfsense quite useless. It would be more useful to have your endpoint mitigation tools on the clients do the protection.

    • G

      Haproxy cloudflare issues

      Cache/Proxy haproxy ssl cloudflare nginx web server
      1
      0 Votes
      1 Posts
      741 Views
      No one has replied
    • G

      HaProxy Internal server error main site

      Cache/Proxy haproxy reverse proxy pfsense+ domain ssl
      2
      0 Votes
      2 Posts
      1k Views
      G

      @gamehoundsdev NVM, I'm an idiot, I forgot to disable a 443 mapping on NAT.

    • A

      Using SSL offloading to access Services

      Cache/Proxy ssl haproxy nas
      2
      0 Votes
      2 Posts
      1k Views
      R

      @ahole4sure no, it is not required if you're using the SSL Offloading option on the Haproxy frontend. In this case it is better to use http for the backend (or issue some internal ssl cert on pfsense for your synology).

    • P

      SquidGuard + SquidProxy SSL Errors

      Cache/Proxy squidguard squidproxy ssl ssl error dns
      1
      0 Votes
      1 Posts
      584 Views
      No one has replied
    • Z

      SSL error on android when using pfsense

      General pfSense Questions ssl error ssl
      6
      0 Votes
      6 Posts
      1k Views
      S

      @zwiebelspaetzle Mobile could be IPv6, could be a different web server entirely as they have multiple IPv4s.

      https://www.ssllabs.com/ssltest/analyze.html?d=www.podtrac.com&s=44.239.236.149&hideResults=on&latest looks pretty good but does show "Chain issues Incorrect order, Contains anchor". If the client had an issue with that, I would expect it to be a problem regardless of connection...but again could be different web servers.

    • M

      [SOLVED] HAProxy error after upgrade to 2.4.5-RELEASE

      Cache/Proxy haproxy ssl
      1
      0 Votes
      1 Posts
      1k Views
      No one has replied
    • C

      Reverse Proxy using server certificates (NOT PFSense certs)

      Cache/Proxy reverse proxy squid ssl man-in-the-midd
      2
      0 Votes
      2 Posts
      893 Views
      C

      Solved in https://forum.netgate.com/topic/153028/haproxy-deleting-acl-on-modify-bug-or-am-i-missing-something/14

    • M

      Phishing alert: CA sertifikat/pfSense_ Generate a SSL Certificate for HTTPS on your pfSense -.mhtml. Please delete the infected file soon.

      Firewalling pishing ssl sertificate
      3
      0 Votes
      3 Posts
      577 Views
      M

      @johnpoz

      Thanks for the reply.

      After you replied, I investigated and I understand now that this warning has nothing to do with pfsense.

      The file is a saved web page:
      https://www.ceos3c.com/pfsense/pfsense-generate-ssl-certificate-https-pfsense/

      The scanner is on my ReadyNAS v 6.10.1, I don't know who is the "producer".

    • Z

      Squid MITM: How to retrieve decrypted data?

      Cache/Proxy squid mitm man-in-the-midd tls ssl
      5
      0 Votes
      5 Posts
      2k Views
      Z

      Thanks for the info. Astounding is what this is. :-)

    • J

      Certificate chain is incomplete, missing intermediate(s) (WebGUI)

      webGUI ssl intermediates chain authority certificate
      2
      0 Votes
      2 Posts
      1k Views
      johnpoz

      Where are you getting your cert from? You're going to have to give us more details if you want anyone to be able to figure out what you're doing wrong.

      For what possible reason would you want to use a wildcard cert for the webgui? How many possible fqdn/IPs could you point to the web gui?

      The web gui should be accessed by a limited number of users. Create a cert with your own CA, have the users that will access it trust your CA. Put in whatever SANs you want to access it by. Done - set the cert to be good for 10 years. Never have to deal with this issue again.