What is the correct way to add self-signed root certificates?
-
Hello!
I am trying to use pfsens with a squid.
I have a local certification authority that issued certificates for local web servers.
How to correctly add this center to trusted so that the squid at pfsense trusts them?Adding them to the list of certification authorities in the web interface (system_camanager.php) did not help, so I added them directly to the operating system repository (ca-root-nss.crt) for now.
Thanks in advance!
-
there are many methods
If I can suggest it, follow these:https://docs.netgate.com/pfsense/en/latest/cache-proxy/wpad-autoconfigure-for-squid.html
a little more and more serious (it's an old but good job):
https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3 -
Thanks for the answer.
My problem is a little different: the proxy is turned on and works (for now , for me only), but it does not trust the certificates issued by the local certification authority (they are used for the slal on local servers). How to make a squid trust such certificates? So far I have added them to the operating system repository, this works, but maybe there is a more "pfSense-way"?It may be described on the specified links, but I did not find it.
-
áhhhh, so I get it
just what I found and only partially similar question
https://forum.netgate.com/topic/57097/squid3-mutual-authentification-with-client-certificate/5
http://squid-web-proxy-cache.1019090.n4.nabble.com/icap-and-https-td3329449.html