Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid Proxy does not see CA anymore

    Scheduled Pinned Locked Moved 2.5 Development Snapshots (Retired)
    5 Posts 2 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      Hexistenz
      last edited by

      Hello,

      In the last three snapshots - today and the two days before - Squid in SSL Interception mode cannot be activated anymore, as it does not see the CA installed in Cert Manager ( the only available option in the Squid GUI is 'none' ).

      I am posting here as it seems to be linked to Cert Manager in 2.5 rather than Squid itself.

      If anyone has any idea.

      Best,

      viktor_gV 1 Reply Last reply Reply Quote 0
      • viktor_gV
        viktor_g Netgate @Hexistenz
        last edited by

        @hexistenz Please provide more info about your CA cert

        unable to reproduce it on 2.5.0.a.20210122.2350 with squid-pkg 0.4.45

        H 1 Reply Last reply Reply Quote 0
        • H
          Hexistenz @viktor_g
          last edited by

          @viktor_g
          Thanks a lot for looking into it. It's an intermediate CA - Key is ECC P521.
          The CA is validly accepted in Cert-Manager and can generate Certificates.

          For that matter any type of CA even RSA are not seen by Squid.
          I tried to uninstall-reinstall but no luck yet. I may just do a clean install of the latest snapshot to see if it changes anything.

          Any logs I may look into? I have not see any errors yet.

          PS I am now on 2.5.0.a.20210122.2350 with squid-pkg 0.4.45

          viktor_gV 1 Reply Last reply Reply Quote 0
          • viktor_gV
            viktor_g Netgate @Hexistenz
            last edited by

            @hexistenz

            related to https://redmine.pfsense.org/issues/9897#note-7

            Please add your comment or create a new bugreport:
            https://docs.netgate.com/pfsense/en/latest/development/bug-reports.html

            H 1 Reply Last reply Reply Quote 1
            • H
              Hexistenz @viktor_g
              last edited by

              @viktor_g

              Oh many thanks, removing all the P521 CAs, now Squid sees another type!
              Thanks a lot for your help!

              Best,

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.