Problem accessing the site (SSL Certificate expired on: May 30 10:48:38 2020 GMT)
-
Hello!
I'm starting to set up Squid on pfSense.
Some sites do not open due to a certificate error (as I understand it, this is due to a recently expired certificate - it was discussed here in other topics).
What needs to be done to get them working? I would not want to disable SSL checking.
Thanks in advance!
-
@auto2015 said in Problem accessing the site (SSL Certificate expired on: May 30 10:48:38 2020 GMT):
What needs to be done to get them working?
Nothing.
At most : call them ?
It's up to the site's admin to correct his certificates.
The root cert used to sign the cert is OK, but the root cert used by the webserver's admin, to be bundled with the intermediate cert and cert and sent to our browser, is old.
Happily enough, our browser knows that the old cert was replaced by a new one.
What I make of it: netgate.com web server settings should be updated. The old:
USERTrust RSA Certification Authority Fingerprint SHA256: 1a5174980a294a528a110726d5855650266c48d9883bea692b67b6d726da98c5
should be updated to the new:
USERTrust RSA Certification Authority Self-signed Fingerprint SHA256: e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd2
https://www.ssllabs.com/ssltest/analyze.html?d=forum.netgate.com&s=208.123.73.199
edit : https://forum.netgate.com/topic/154044/easylist-update-fails-expired-cert/15
-
@Gertjan said in Problem accessing the site (SSL Certificate expired on: May 30 10:48:38 2020 GMT):
Nothing.
Thank you.
I understand that the problem is on the web server side, but I hoped there was some workaround.
Unfortunately, there are a lot of such websites, but I can’t add each site to exceptions or disable SSL certificate verification.
-
A solution might be : use another web browser ?
My Firefox (77.0.1) doesn't complain at all (it somewhat outsmarts outdated root certificates, it knows that newer ones are available).
-
@Gertjan said in Problem accessing the site (SSL Certificate expired on: May 30 10:48:38 2020 GMT):
A solution might be : use another web browser ?
Browsers without a proxy work well.
They can build other certification paths.
The problem is that Squid on pfSense does not.
PS: Sorry for my English if I explain it unclearly.
-
Never used Squid.
Does it have its own 'database' with trusted (outdated?) root certificates?
-
https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3
To prevent these issues you need to use the following:
WPAD (or manual set)
Transparent Proxy to catch http traffic the WPAD misses
SSL Man In the Middle Filtering SPLICE ALL to catch https traffic the WPAD misses
-
@aGeekhere said in Problem accessing the site (SSL Certificate expired on: May 30 10:48:38 2020 GMT):
SPLICE ALL
Thank you,
The option "SPLICE ALL" solves the problem.