Netgate Discussion Forum

    Squid Certificate https

      insurin

      pfsense 2.3.1
      squid transparent
      Captive Portal with Windows AD authentication

      For my domain computers I have deployed a certificate from my Sonicwall firewall via GPO to enable DPI-SSL. This enables me to filter https traffic and log it. All logging and filtering for domain computers is done with Sonicwall/Analyzer.

      For my BYOD users, can I use this certificate on pfsense and somehow get users to accept the cert during their CP authentication window?

      At the minute I have Squid set to log websites via the Captive Portal logon name. This is great for http. All logging for BYOD is done on pfsense. I am thinking if I get users to accept this cert from the pfsense I can then log https traffic.

      cheers

        pfsensation

        What you can do is host the certificate somewhere within your network, either on the pfsense web server or any other internal web server you have. Then you can edit the captive portal page to have a download button for the certificate, and ask users to install it.

        However, I don't know how much I recommend using Squid for HTTPS filtering. I'm not having very good luck with it myself; it seems to give all sorts of random problems such as slow browsing, or causing HTTPS websites to not work, certificate errors and all sorts. It seems to really be bodged together, and on top of that, it doesn't really have SSL inspection. You're kinda limited to categorical blocking via domains.

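As an added example that is not part of the original posts: before a certificate file is placed on a web server for BYOD users to download, a check like this confirms the file holds only the public certificate and no private key, and computes the SHA-256 fingerprint users can compare after installing it. The function name `check_download_file` and the sample data are assumptions; the sample bytes are constructed placeholders, not a real certificate or key.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def check_download_file(pem_text):
    """Return (ok, problems, fingerprints) for a file meant for public download."""
    problems, fingerprints = [], []
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        problems.append("no PEM blocks found (binary PKCS#12 or DER export?)")
    for label, body in blocks:
        if "PRIVATE KEY" in label:
            # Covers PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY.
            problems.append(f"contains {label}: never publish this file")
        elif label == "CERTIFICATE":
            der = base64.b64decode("".join(body.split()))
            digest = hashlib.sha256(der).hexdigest().upper()
            fingerprints.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
        else:
            problems.append(f"unexpected block type: {label}")
    if blocks and not fingerprints:
        problems.append("no certificate present")
    return (not problems, problems, fingerprints)


# Constructed sample data: placeholder bytes, not a real certificate or key.
FAKE_CERT_DER = b"constructed-placeholder-for-CA-certificate-DER"
FAKE_KEY_DER = b"constructed-placeholder-for-private-key-DER"


def pem(label, der):
    """Wrap raw bytes in PEM armour with the given label."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"


CERT_ONLY = pem("CERTIFICATE", FAKE_CERT_DER)
CERT_WITH_KEY = CERT_ONLY + pem("PRIVATE KEY", FAKE_KEY_DER)

if __name__ == "__main__":
    for name, text in (("cert only", CERT_ONLY), ("cert + key", CERT_WITH_KEY)):
        ok, problems, fps = check_download_file(text)
        print(name, "OK to host" if ok else "DO NOT HOST", problems, fps)
```

The fingerprint is the SHA-256 digest of the DER-encoded certificate, which is the value certificate viewers display, so it can be shown on the captive portal page next to the download link.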