Squid + https

Gertjan · Jul 17, 2020, 1:08 PM

Never used squid before, but I guess a CA should be created first.
Here :

Then, based on the CA, you create your certs :

These certs can be used in OpenVPN, FreeRadius, the pfSense GUI, etc.
CA's can't be use directly, except for signing (your own) certs.

DaddyGo · Jul 17, 2020, 1:08 PM

@Gertjan said in Squid + https:

Never used squid before, but I guess a CA should be created first.
Here :

exactly,
use the pfSense certificate builder and then it will appear in Squid settings

then you can also export it for installation on external devices

like:

viberua · Jul 17, 2020, 1:14 PM

@DaddyGo so if i don't want create new CA because i already have one, then i can't use this external CA cert in MITM?

DaddyGo · Jul 17, 2020, 1:26 PM

@viberua

Squid works with an internal intermediate certificate
you can't use example Lets' E or other

because of what is described above in this thread......

like:

techtester-m · Jul 17, 2020, 1:35 PM

@viberua You need to "become" a CA (a local one of course) and have your own Public Key & Private Key in order for Squid to encrypt-decrypt.

viberua · Jul 17, 2020, 1:41 PM

@DaddyGo when i try to create an intermediate CA, the list of signing CA is empty
but as i said i have our domain CA server and added his CA cert to CA settings

techtester-m · Jul 17, 2020, 1:49 PM

@viberua said in Squid + https:

but as i said i have our domain CA server and added his CA

Won't work.

Do this from scratch:

And this is what you should see:

DaddyGo · Jul 17, 2020, 1:53 PM

@viberua

you are doing something wrong...
because it works very well in pfSense

just watch squidSSL2 I just created for the sake of the test...

DaddyGo · Jul 17, 2020, 1:59 PM

@techtester-m

I like you bro, but it is not appropriate to speak into an ongoing conversation...

forum etiquette

techtester-m · Jul 17, 2020, 2:03 PM

@DaddyGo
Ok...I just saw notifications of his questions jump in my email so it caught my attention and just wanted to help.
But I accept your point. Have a great one :), I'm out. No expert anyway lol

DaddyGo · Jul 17, 2020, 2:04 PM

@techtester-m

nothing happened...
we taught you about these a few days ago
I'm glad, you learned

Gertjan · Jul 17, 2020, 2:23 PM

@viberua

Your image :

This is mine :

More in detail :
You :

Me :

What is your pfSense version ~~or what~~ ?

DaddyGo · Jul 17, 2020, 2:17 PM

@Gertjan said in Squid + https:

What is your pfSense version or what ?

legitimate question anyway

Abdou Ahmed · Aug 1, 2020, 10:39 PM

@DaddyGo
Hi
how are you . i just want to ask if i can use pfsense proxy with mikrotik server
clearly . i wannot to add a certificat in users phone . just add it in mikrotik
to Enable SSL filtering in my network
i tray to that alot and have no result

DaddyGo · Aug 4, 2020, 10:10 AM

@Abdou-Ahmed said in Squid + https:

just add it in mikrotik

well, please specify this, please what kind of Mikrotik???
I'm pretty prepared in the "picture" - Mikrotik...
(all our CATV traffic is provided by Mikrotik devices)