SSL certificate "Common Name" URL filtering



  • Is this possible on pfSense? Most commercial appliances perform HTTPS URL filtering by inspecting the "Common Name" field in the certificate during the SSL handshake. If the domain is blocked, they return a self-signed certificate followed by the "URL Blocked" page. The client will see a certificate error, but the page is successfully blocked. If the domain is allowed, the SSL handshake resumes normally with the original certificate sent directly to the client.
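The filtering decision described in the post above, as an added example that is not part of the original post: it takes a server certificate already decoded into the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()` and matches its Common Name against a domain blocklist. It goes slightly beyond the post by also checking subjectAltName DNS entries and wildcard names; the function names, the blocklist and the sample certificates are constructed for illustration.

```python
# Added example: block/allow decision on certificate names seen in the handshake.
# Input shape assumed: the dict returned by ssl.SSLSocket.getpeercert().

def cert_names(cert):
    """Collect subject Common Name(s) and SAN DNS names, lower-cased."""
    names = []
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value.lower())
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.append(value.lower())
    return names

def is_blocked(name, blocklist):
    """True if name equals a blocked domain or is a subdomain of one."""
    # A wildcard certificate name (*.domain) is judged by its parent domain.
    host = name[2:] if name.startswith("*.") else name
    host = host.rstrip(".")
    # Compare on label boundaries so "notblocked.example" does not
    # match a blocklist entry of "blocked.example".
    return any(host == d or host.endswith("." + d) for d in blocklist)

def verdict(cert, blocklist):
    """Return ("block", matching names) or ("allow", [])."""
    hits = sorted({n for n in cert_names(cert) if is_blocked(n, blocklist)})
    return ("block", hits) if hits else ("allow", [])

# Constructed sample data (reserved .example names, not real sites).
BLOCKLIST = {"blocked.example"}
CERT_BLOCKED = {
    "subject": ((("countryName", "US"),), (("commonName", "www.blocked.example"),)),
    "subjectAltName": (("DNS", "www.blocked.example"), ("DNS", "blocked.example")),
}
CERT_WILDCARD = {"subject": ((("commonName", "*.blocked.example"),),)}
CERT_LOOKALIKE = {"subject": ((("commonName", "notblocked.example"),),)}
CERT_ALLOWED = {"subject": ((("commonName", "www.allowed.example"),),)}

if __name__ == "__main__":
    for label, cert in [("blocked", CERT_BLOCKED), ("wildcard", CERT_WILDCARD),
                        ("lookalike", CERT_LOOKALIKE), ("allowed", CERT_ALLOWED)]:
        print(label, verdict(cert, BLOCKLIST))
```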