• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

pfsense squid+squidguard http (TLS code: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)

Scheduled Pinned Locked Moved Cache/Proxy
4 Posts 2 Posters 2.7k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    Summer
    last edited by Sep 7, 2021, 12:23 PM

    Dear Sirs,
    I've installed squid and squidguard, enabled:

    Squid > General > enabled Transparent HTTP Proxy

HTTPS/SSL Interception is disabled

    Now every http request got blocked with:
    TLS code: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT

    I've setup ACL with allowed domains in squidguard, but cannot understand why http request are going wrong.
    Any idea is appreciated.

    Thanks, BR

    1 Reply Last reply Reply Quote 0
    • S
      stephenw10 Netgate Administrator
      last edited by Sep 7, 2021, 4:34 PM

      Could be redirceting blocked traffic to an error page hosted on the firewall, behind that cert.

      S 1 Reply Last reply Sep 8, 2021, 6:49 AM Reply Quote 1
      • S
        Summer @stephenw10
        last edited by Sep 8, 2021, 6:49 AM

        @stephenw10 thank you for the reply, I've disabled squidguard and with only squid running I can access the http sites, while if I enable the squidguard always get this error:

        (92) Protocol error (TLS code: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
Self-signed SSL Certificate: /O=pfSense webConfigurator Self-Signed Certificate/CN=nameofpfsensebox

        I've looked at the options on squidguard but didn't see any related on http or https.
        BR

        1 Reply Last reply Reply Quote 0
        • S
          stephenw10 Netgate Administrator
          last edited by Sep 8, 2021, 2:08 PM

          Right so if Squidguard is blocking that traffic it will try to display an error page but that is hosted in the firewall behind that self signed cert over https.

          As a test only try setting the firewall webgui to http.

          If that works you need to change the Squidguard settings to either not display an error page or redirect to an externally host page over http.

          Steve

          1 Reply Last reply Reply Quote 0
          1 out of 4
          • First post
            1/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received