Advice for CA Import and Squid SSL Filtering… [SOLVED]



  • Hi all,

    I'm trying to set up a Squid Transparent proxy on my pfSense box.  The main reason is to enable anti-virus scanning with ClamAV, to include SSL encrypted traffic.

    I can export my self made CA from pfSense, but I'm not particularly familiar with where to deploiy the .crt file.

    I'm running a network with Windows boxes that use either Firefox or Chrome as their main browsers.  I've also got a couple of instances of Google Drive installed on some workstations.

    I know I can add the CA to the Trusted Root Authority store for both the User and System (it easy for me to do this manually rather than push out via the Domain), and I also think I may need to add the .crt in the certificate stores used by the Browsers themselves…

    Is this correct?  Do I need to add the .crt anywhere else?  Will the above allow the Google Drive app to function correctly? ... and lastly, Do I need to have the CA signed to prevent self-signing errors?

    Aplogies as I know this is a bit of a ramble / info dump.  I'm going to start messing around with a test network and see what I can fudge :-D

    Tanks in advance!



  • Apologies all… Google Foo was not playing well this morning...

    Thread with info I need is here:  https://forum.pfsense.org/index.php?topic=83236.0