    Squid Certificate https

    Cache/Proxy
      insurin last edited by

      pfsense 2.3.1
      squid transparent
      Captive Portal with Windows AD authentication

      For my domain computers I have deployed a certificate from my Sonicwall firewall via GPO to enable DPI-SSL. This enables me to filter https traffic and log it. All logging and filtering for domain computers is done with Sonicwall/Analyzer.

      For my BYOD users, can I use this certificate on pfsense and somehow get users to accept the cert during their CP authentication window?

      At the minute I have Squid set to log websites via the Captive Portal logon name. This is great for http. All logging for BYOD is done on Pfsense. I am thinking if I get users to accept this cert from the pfsense I can then log https traffic.

      cheers

        pfsensation last edited by

        What you can do is host the certificate somewhere within your network, either on the pfsense web server or any other internal web server you have. Then you can edit the captive portal page to have a download button for the certificate, and ask users to install it.

        However, I don't know how much I recommend using Squid for HTTPS filtering. I'm not having very good luck with it myself; it seems to give all sorts of random problems, such as slow browsing, HTTPS websites not working, certificate errors and all sorts. It seems to really be bodged together. On top of that… it doesn't really have SSL inspection. You're kinda limited to categorical blocking via domains.
