Squid3-dev ssl error on gmail



  • Hello forum,

    I install pfSense 2.1 RC1 with squid3-dev + squidguard, i add CA in pfsense then install certs on all clients , Now we can browse https website without error but when im trying to browse websites like gmail.com

    
    You attempted to reach [b]gmail.com[/b], but instead you actually reached a server identifying itself as [b]mail.google.com[/b]. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of gmail.com.
    You cannot proceed because the website operator has requested heightened security for this domain.
    
    

    Can i solve this with a valid Certificate bought from Versign or other?
    If i buy a valid cert do i need to install it on all clients or its already trusted by clients browsers ?

    Thanks



  • It's looking for s different certificate /site.

    Try to reach gmail with www and see what certificate it asks for.



  • 
    The following error was encountered while trying to retrieve the URL: https://www.gmail.com/
    
    Failed to establish a secure connection to 173.194.45.85
    
    The system returned:
    
    [No Error] (TLS code: SQUID_X509_V_ERR_DOMAIN_MISMATCH)
    
    Certificate does not match domainname: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
    
    This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.
    
    Your cache administrator is admin@localhost.
    
    

    but works with https://mail.google.com/mail/


Log in to reply