Problem to activate Kaspersky antivirus over transparent squid proxy
-
Hello to all!
I have the transparent squid with SSL Man In the Middle Filtering working fine. But, I can't activate the Kaspersky antivirus with the return error message: "Certificate Unstrusted".
The whitelist is with regex: .kaspersky(-labs)?.com(.br)?((/.)+)?
Unrestricted IPs: 4.59.181.141
The squid log is:
1515673125.821 439 192.168.10.133 TAG_NONE/200 0 CONNECT 4.59.181.141:443 - HIER_DIRECT/4.59.181.141 -
Any idea?
-
I found this…
https://forum.kaspersky.com/index.php?/topic/307761-this-connection-is-untrusted-certificate-error-in-firefox-in-yahoo-and-google/
Leo Manes
-
I can browse to https://my.kaspersky.com, for instance, without any problem…
The issue is after the antivirus application install, it's not possible to activate the license due to the certificate problem!
-
Most probably the app knows which certificate to expect from activation server - and thus refuses to work. You need to bypass the HTTPS decryption for traffic going to activation server. Browser is a different app and it explicitly trusts the certs installed by admin as trustable - thus your browser works.
-
Am I not bypassing the HTTPS decryption using the whitelist?
"The whitelist is with regex: .kaspersky(-labs)?.com(.br)?((/.)+)?"
-
Doesn't Kaspersky, like Avast, have an advanced setting where you define the type of connection you are using?
-
Yes, there is, but even setting the proxy in kaspersky app, the certificate problem still remains. :-\
-
If you need to bypass the HTTPS decryption you cannot just whitelist in pfSense UI I guess. You need to actively splice by ssl::server_name.
Something like:
acl ssl_exclude_domains ssl::server_name "/opt/websafety/etc/squid/ssl/exclude/domains.conf"
ssl_bump splice ssl_exclude_domains
Where "/opt/websafety/etc/squid/ssl/exclude/domains.conf" contains the name of the kaspersky activation server (not regex!!)
But I do not know where to put that exactly in pfSense UI :(
-
If you need to bypass the HTTPS decryption you cannot just whitelist in pfSense UI I guess. You need to actively splice by ssl::server_name.
Now I have a question! ??? So, what's the whitelist purpose?
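
An added example, not written by any poster in this thread: the access.log line quoted in the first post records the CONNECT target as a bare IP address, so a hostname pattern such as the quoted whitelist regex finds nothing to match in that entry. The Python sketch below parses Squid's native log format and flags such entries. The second sample line is constructed for contrast, using the my.kaspersky.com name mentioned above, and the function names are illustrative.

```python
import ipaddress
import re

# Whitelist pattern exactly as quoted in the thread (dots unescaped, as posted).
WHITELIST = re.compile(r".kaspersky(-labs)?.com(.br)?((/.)+)?", re.IGNORECASE)

# Line 1 is the log entry quoted in the thread. Line 2 is constructed for
# contrast: the same request as it would look with a hostname as the target.
SAMPLE_LOG = """\
1515673125.821 439 192.168.10.133 TAG_NONE/200 0 CONNECT 4.59.181.141:443 - HIER_DIRECT/4.59.181.141 -
1515673130.102 512 192.168.10.133 TAG_NONE/200 0 CONNECT my.kaspersky.com:443 - HIER_DIRECT/4.59.181.141 -
"""

def connect_targets(log_text):
    """Yield (client, host, port) for each CONNECT entry in native-format log text."""
    for line in log_text.splitlines():
        fields = line.split()
        # Native format: time elapsed client code/status bytes method url ...
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        host, _, port = fields[6].rpartition(":")
        if host and port.isdigit():
            yield fields[2], host, int(port)

def is_ip_literal(host):
    """True when the CONNECT target is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def triage(log_text, pattern=WHITELIST):
    """Report, per CONNECT entry, whether a hostname pattern can apply to it."""
    report = []
    for client, host, port in connect_targets(log_text):
        report.append({
            "client": client,
            "target": f"{host}:{port}",
            "ip_only": is_ip_literal(host),
            "whitelist_match": bool(pattern.search(host)),
        })
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Entries reported with `ip_only` set are the ones to check against a name-based rule such as the `ssl::server_name` ACL suggested above.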