SQUID SSL HTTPS AND Transparet Proxy



  • Hello friends
    I've enabled Transparent Proxy and SSL Man In the Middle Filtering on pfsense.
    My pfsesne version is 2.3.4-RELEASE-p1 (amd64).
    I've implemented the following rules for HTTPS SSL.
    SSL / MITM Mode: Splice Whitelist , Bump Otherwise
    SSL Intercept (s): LAN
    SSL Proxy Compatibility Mode: Modern
    DHParams Key Size: 2048
    CA: Self-Signed

    I use SSL Filtering in Squid and I created a certificate in pfsense and I can login to Https through Domain Name.

    • Tip: I have installed my certificate on the system.

    For example, the site (https://www.roblox.com) looks like the following

    First Photo

    But when I log in through the IP of the same site, I get an error certificate like the one below

    Second Photo

    In Android apps on the mobile phone, all connections are through the IP, and if I connect to the Internet via WIFI, that the Pfsense firewall is on the route, none of the programs will connect (such as a telegram)

    I am able to log in to HTTPS sites if I enter the domain name successfully with the internal certificate, but if I get the IP address of that site, I get an error certificate?
    Why this error occurs?

    This problem is problematic on Android phones to enter programs such as telegrams that use HTTPS and IP, and the program does not work?
    Is there a way to set up an IP certificate?
    Because it seems that the internal certificate we create works properly with the domain name of the sites.
    Thank you friends

    Friends and Teachers Please advise how to resolve this issue.


Log in to reply