    Squid with HTTPS in transparent mode not working

      giacomo

      Hi All,

      I'm trying to configure Squid+SquidGuard for HTTP and HTTPS in transparent mode, but HTTPS doesn't work.
      I've tested with Splice All and Splice Whitelist as SSL/MITM Mode.

      I've this fatal error in the log:

      /pkg_edit.php: The command '/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was '2017/09/20 22:44:40| FATAL: tproxy/intercept on https_port requires ssl-bump which is missing. FATAL: Bungled /usr/local/etc/squid/squid.conf line 6: https_port 127.0.0.1:3129 intercept Squid Cache (Version 3.5.26): Terminated abnormally. CPU Usage: 0.005 seconds = 0.000 user + 0.005 sys Maximum Resident Size: 45888 KB Page faults with physical i/o: 0'

      Please help!
      Giacomo (Italy)

        doktornotor Banned

        Fix your CA setting.

          giacomo

          Hi,

          what do you mean?
          I've set a CA.

          Thanks!

            doktornotor Banned

            You have set an unusable CA. This must be a local CA which you either created directly on pfSense or which you have imported including the private key.

              giacomo

              Hi,

              I've created a new certificate and I have now a different error:

              /pkg_edit.php: The command '/usr/local/sbin/squid -k reconfigure -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'FATAL: No valid signing SSL certificate configured for HTTP_port 192.168.0.100:3128 Squid Cache (Version 3.5.26): Terminated abnormally. CPU Usage: 0.014 seconds = 0.014 user + 0.000 sys Maximum Resident Size: 52672 KB Page faults with physical i/o: 0'

              What's wrong?

              Thanks!

                doktornotor Banned

                You need to create a Certification AUTHORITY, not a certificate. Then select that newly created CA in the GUI. Dunno, this takes like a minute. Sigh.

                Note: Create it on pfSense. Stop importing something god knows what from somewhere god knows where. You are importing unusable invalid stuff.

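Added example (not part of any post in this thread, and not pfSense or Squid code): a shell check, using the openssl CLI, for the two conditions the replies above name, that the selected certificate is a CA and that its private key is present and matches it. The helper names, file names and sample certificates are constructed for illustration.

```sh
#!/bin/sh
# check_signing_ca CERT.pem KEY.pem (hypothetical helper name)
# Prints a verdict; returns 0 only if the pair could act as an SSL-bump signing CA.
check_signing_ca() {
    cert=$1 key=$2
    # 1. Must be a Certificate Authority, not an end-entity (server) certificate.
    if ! openssl x509 -in "$cert" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; then
        echo "not a CA certificate (basicConstraints CA:TRUE missing)"; return 1
    fi
    # 2. The private key must be available (an import without it is unusable).
    if ! key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null); then
        echo "private key missing or unreadable"; return 1
    fi
    # 3. The key must belong to this certificate: compare the public halves.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate"; return 1
    fi
    echo "usable as signing CA"
}

# Constructed sample data: one self-signed CA and one self-signed non-CA
# certificate, written to DIR as ca.pem/ca.key and leaf.pem/leaf.key.
make_samples() {
    dir=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = constructed-example' \
        '[ca_ext]' 'basicConstraints = critical,CA:TRUE' \
        '[leaf_ext]' 'basicConstraints = CA:FALSE' > "$dir/openssl.cnf"
    for kind in ca leaf; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -config "$dir/openssl.cnf" -extensions "${kind}_ext" \
            -keyout "$dir/$kind.key" -out "$dir/$kind.pem" 2>/dev/null
    done
}

d=$(mktemp -d)
make_samples "$d"
check_signing_ca "$d/ca.pem"   "$d/ca.key"      || true  # internal CA with its key
check_signing_ca "$d/leaf.pem" "$d/leaf.key"    || true  # a certificate, not a CA
check_signing_ca "$d/ca.pem"   "$d/missing.key" || true  # CA without private key
check_signing_ca "$d/ca.pem"   "$d/leaf.key"    || true  # wrong key for this CA
rm -rf "$d"
```
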
                  giacomo

                  Hi,

                  I've solved it by creating a new "Internal" CA; now I've no errors in the system log!
                  But I'm not able to surf HTTPS since I've this error on my Firefox:

                  An error occurred during a connection to www.google.it.
                  SSL received a record that exceeded the maximum permissible length.
                  Error code: SSL_ERROR_RX_RECORD_TOO_LONG

                  Giacomo.

                    J_Unit

                    You have to import the CA into Firefox manually. It's under options/advanced/certificates/view certificates/import.
