Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid Proxy -> SSL Man-in-the-middle Filtering & SSL CA

    Scheduled Pinned Locked Moved Cache/Proxy
    23 Posts 12 Posters 23.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G Offline
      gsusrafael
      last edited by

      Based on the Bug #6496,

      Neither Squid or SquidGuard are filtering on SSL on transparent mode:

      When we try to acces any HTTPS website, we have a problem with the Issued To Common Name as you can see on the screenshot attached. :'( :'( :'( :'(

      ![SSL Cert Error Issuer CN.png](/public/imported_attachments/1/SSL Cert Error Issuer CN.png)
      ![SSL Cert Error Issuer CN.png_thumb](/public/imported_attachments/1/SSL Cert Error Issuer CN.png_thumb)

      1 Reply Last reply Reply Quote 0
      • R Offline
        rsaanon
        last edited by

        Env: pfSense v2.3.2 + Squid 3.5 branch

        Seven months later the problem has still not been addressed/resolved.  None of the suggestions mentioned in the thread work.

        1 Reply Last reply Reply Quote 0
        • I Offline
          itsharsha24gmail.com
          last edited by

          Hi ,

          I recently installed and played with this squid and squidGuard on pfsense 2.3.2 (updated with 2.3.2_1). I ran through the same issue. I mean when ever I enabled squidGuard with common ACL CN in certificate issued by  squid is "http" which doesn't make any sense to me. I thought the problem is with patch So I installed pfsense 2.3.2 again and tried it worked fine. But the reason is not patch. I enabled "Do not allow IP-Addresses in URL" this is causing the issue in my case. I just disabled this and tried it is working fine but when ever i try enable this running into issues. But it should be fixed  if it is a real bug. If this works for anyone please let me know I will create this in pfsense bugs list.

          Thanks,
          Harry.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.