Squid Proxy -> SSL Man-in-the-middle Filtering & SSL CA

gsusrafael · Nov 22, 2016, 8:44 PM

Based on the Bug #6496,

Neither Squid or SquidGuard are filtering on SSL on transparent mode:

When we try to acces any HTTPS website, we have a problem with the Issued To Common Name as you can see on the screenshot attached. :'( :'( :'( :'(

![SSL Cert Error Issuer CN.png](/public/imported_attachments/1/SSL Cert Error Issuer CN.png)
![SSL Cert Error Issuer CN.png_thumb](/public/imported_attachments/1/SSL Cert Error Issuer CN.png_thumb)

rsaanon · Dec 20, 2016, 3:03 PM

Env: pfSense v2.3.2 + Squid 3.5 branch

Seven months later the problem has still not been addressed/resolved. None of the suggestions mentioned in the thread work.

itsharsha24gmail.com · Dec 22, 2016, 5:52 PM

Hi ,

I recently installed and played with this squid and squidGuard on pfsense 2.3.2 (updated with 2.3.2_1). I ran through the same issue. I mean when ever I enabled squidGuard with common ACL CN in certificate issued by squid is "http" which doesn't make any sense to me. I thought the problem is with patch So I installed pfsense 2.3.2 again and tried it worked fine. But the reason is not patch. I enabled "Do not allow IP-Addresses in URL" this is causing the issue in my case. I just disabled this and tried it is working fine but when ever i try enable this running into issues. But it should be fixed if it is a real bug. If this works for anyone please let me know I will create this in pfsense bugs list.

Thanks,
Harry.