Certificate errors with SSL Filtering using SquidGuard
-
Hello guys, first off I just want to say that I am really pleased with the performance of my pfSense box. I bought an SG-2440 and it's been working great. Recently, I've set up SSL filtering with Squid to block sites and it's almost working perfectly except for two main issues.
I am using version 2.3.2 with Squid 3.5.
My first issue is that sometimes, it seems that Squid is issuing a certificate using the IP address for the common name instead of the FQDN, which results in a certificate error. It doesn't happen for every site but it happens occasionally for a few sites.
My second issue is that Internet Explorer seems to complain about the certificate not being trusted even though the CA is installed on the computer in MMC. It seems to only complain when I visit sites that are blocked. If I visit sites that are secured with SSL but aren't blocked, they work as expected. It is working fine in Firefox and Google Chrome when going to blocked sites.
If anyone has any advice or possibly knows why these issues are happening, I would greatly appreciate it!
-
Just a little update – the Internet Explorer error is occurring because there is some sort of problem with the redirection. I can tell because the URL bar says the original address that I have typed in and the certificate has the wrong information when I click the certificate information bar.
-
Same problem here, Squid issues the certificate on the IP, not on the FQDN of the website. I already ticked "Resolve DNS IPv4 First" on the general tab but it doesn't change anything. Does anybody have a clue how to solve this problem?
Thanks in advance.
-
Solved this problem a few minutes ago for my installation.
In my setup I have pfSense 2.3.2, Squid and SquidGuard. The problem I've dealt with was the certification error "http". After clicking everything possible in the Squid configuration, I found out it was the SquidGuard common ACL "blk_BL_adv".
I imagine that many users use the shallalist blacklist; the very moment I disabled that rule, everything in the Man in The Middle worked like a charm. I'm not a programmer nor a Squid expert; if anyone in this forum can contact the SquidGuard developers, maybe they will find out if I was lucky or if there's a problem with SquidGuard, shallalist and SSL filtering.
Sorry for my poor English.
Bye