4. Squid Certificate https

Squid Certificate https

  • I

    pfsense 2.3.1
    squid transparent
    Captive Portal with Windows AD authentication

    For my domain computers I have deployed a certificate from my Sonicwall firewall via GPO to enable DPI-SSL. This enables to me to filter https traffic and log it. All logging and filtering for domain computers is done with Sonicwall/Analyzer.

    For my BYOD users, can I use this certificate on pfsense and somehow get users to accept the cert during their CP authentication window?

    At the minute I have Squid set to log websites via the Captive Portal logon name. This is great for http. All logging for BYOD is done on Pfsense. I am thinking if I get users to accept this cert from the pfsense I can then log https traffic.

    cheers

    0
  • P

    What you can do is host the certificate somewhere within your network, either on the pfsense web server or any other internal web server you have. Then you can edit the captive portal page to have a download button for the certificate, and ask users to install it.

    However, I don't know how much I recommend using Squid for HTTPS filtering. I'm not having very good luck with it myself, it seems to give all sorts of random problems such as slow browsing, or causing HTTPS websites to not work, certificate errors and all sorts. It seems to really be bodged together, on top of that… It doesn't really have SSL inspection. You're kinda limited to categorical blocking via domains.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy