Squid: Can't access https!

  • I have a pfsense box with squid package.

    The squid is configured to use an upstream proxy.

    The only internet connection is via the proxy(company policy), and nothing else.

    So I have configured my browser to have this proxy(LAN IP), and with port 3128.

    Normal http is working fine, but I am unable to get into any email website(https).

    Anyone can shed some light?

    I check and see that the squid.conf have all the SSL ports defined. Is this a problem came from PfSense? Or is caused by the upstream 8080 proxy?

  • Does it work if you take pfSense out of the equation?  Just connect the workstation to the LAN and set it to use the required proxy server.  Can you get to HTTPS sites through this setup?

  • Yes, that was the setup all this while. HTTPS traffic stop flowing after the PfSense + Squid is added in between.

    I have tried to put the PfSense + Squid box directly to a modem and everything works, http and https. So its more likely its the upstream proxy server isn't talking SSL properly with my squidy(or I didn't set the proper settings for squid as a down streamer).

    Anybody has been dealing with Squid + ISA Server as upstream?

  • Try taking out the upstream proxy configuration.  Won't ISA pick up the traffic transparently just like a transparent squid installation would?

  • Here is my upstreams:
    User –-> Squid ---> ISA #1 ---> ISA #2 ---> Internet

    I have tried to directly connect to ISA #1 without setting browser proxy and found that I am having the same issue(http ok, https time out), am now banging my head on the ISA box now.

    I have also tried the following setting:
    User ---> Squid ---> ISA ---> Internet
    http ok
    https timeout

  • Hello. Are you sure that in the firewall, in the lan tab is enabled the port 443 (https)?. Sorry for my english.

Log in to reply