Squid3-dev https,ssl interception do not work in proxy mode

boujid · Aug 18, 2014, 3:59 PM

HI

i've been testing squid3-dev for https,ssl interception with the proxy mode in vain
i've created the CA and all is ok but when i enter a https site there is no certificate warning and the browser display the original site certificate and not the self signed one that i created so there is no interception

when i select "transparent http proxy" the interception work fine and i am getting the pfsense self signed certificate for each https site

i've re-installed pfsense many times to be sure that at each test pfsense configuration is clean.

is this a known bug or the interception must also work fine with the proxy mode ?

can you give me a hint ? i really dont understand, just the fact of enabling transparent mode make the interception work, without transparent mode there is no https ssl interception

i am using the 3.3.10 pkg 2.2.6 version of squid3-dev and 2.1.4 for pfsense

Thanks a lot

KOM · Aug 18, 2014, 6:21 PM

For HTTPS transparent mode to work, you must install your CA cert as a trusted CA in your web browser on every client that will use the proxy.

boujid · Aug 19, 2014, 8:52 AM

Hi

my problem is not about transparent mode, i want to use squid with proxy mode, and in this mode the ssl interception doesnt work.
i am now just testing then i am not deploying certificate on the clients.

so when there is proxy configured in the browsers port 3128, internet is working but there is no ssl interception even if the HTTPS/SSL interception is enabled and the CA configured

when i configure squid3-dev with the transparent mode and remove proxy from browsers internet is working also the ssl interception

my question is whay the ssl interception doesnt work for proxy mode ?

Thanks

ubit · Mar 11, 2015, 4:53 AM

did you solved the problem?