After Configure CA certificates everything is blocked

itsupport_debut

Hi Team,
I have configure pf-sense 2.4.4 and i want to block https websites also thats why i was configure CA certificates but after that everything is blocked(even google). I have configured a group ACL in which we provided full access to client IP but same problem is here we can't access anything (everything is blocked).
[0_1552375236363_pfsense_squid.xlsx](Uploading 100%)

Gertjan

Hi,

Blocking https ?
What do you mean ?
Plain "http" sites will not exist anymore in a near future, so what your asking for is a "total blocking for web browsing".
I advise you to pull the plug. Works very well and less hassle.

Btw : glad you found out Google is using https these days ^^

Maybe you know what this is, but we don't.
@itsupport_debut said in After Configure CA certificates everything is blocked:

[0_1552375236363_pfsense_squid.xlsx](Uploading 100%)

itsupport_debut

Thanks for your reply,
I only want to block some https websites, such as SocialNet, but after configuring the CA certificates on the firewall, every https websites has been blocked.
I know Google is working on https, but we do not want to block Google.
you don't understand what I am asking for. Here I am asking that Google is blocked after installing a CA certificate on the firewall, not here I want to block Google.
Here I just do not want to block google but we want block some https websites only.

Gertjan

What part of pfSense - what part of the manual - are you using so it could block 'some' https web sites ?
Why installing a CA Certificate ?
How does this certificate comes into play so it could help you achieving your goal ?

Btw : this forum is loaded with question about : "help me blocking facebook / twitter / instagram / youtube / etc" if that is what you want. I still don't really understand your "block some https site". https stands for security. You really want to block secured access to some sites ?
That isn't a general pfSense issue (to part of the forum where you posted) but more related to "Home pfSense Packages" see the Cache/Proxy and pfBlockerNG sub forum.

itsupport_debut

Please help me blocking facebook ,twitter,instagram, youtube etc.
if you want to access my firewall then i ready to provide access for it.
Thanks

Gertjan

Ah, ok, now we are getting somewhere ...
Still, what does this CA cert has to do with it ?
Anyway.

When you use solutions that block 'some users' to visit 'some sites' you need to read awful lot of information. Because you have to understand the why / what / when.
Added to that : when you have a working situation, you have to survey it constantly as your are using rather complicated solution that can change any moment.
This is a topicality : you want something, so you implement something (like driving that car you bought - you do it, because no one will be there for you for your car).

So, read the forums I mentioned.
Try something like Google pfsense block Facebook - just read and you will get the picture.
Have a look at the Netgate's Videos about this subject (Youtube => Netgate).

Btw : I never ever I block 'some sites' for some of the visitors or my colleagues or who eve on my networks. I'm using pfSense in a company - not some family or related environment. I also tend to keep things simple.