Email certificate error



  • Hi,
    I setup the squid to be transparent ( just finish a fresh install on 2.2 ) , but with no ssl, still with some email I get a request from the email program about a selfsigne certificate ??
    How is it possible to avoid this warning ?
    Thanks



  • Sounds like you still have the HTTPS/SSL interception checked. If that is turned off then all HTTPS will go through and not be proxied.
    If you want to use SSL man in the middle you have to generate a CA cert in cert manager and also export it and install it all devices.
    Kind of a pain but if you want to check the content of the HTTPS you have to do it this way.

    Jim



  • Hi thanks for the answer.
    Yes youare correct, but I just try disabling the transparent Proxy and still get the warning :(
    It's about the pfsense certificate , don't understand why.

    Update.
    The only way to solve it was to import the PFSense certificate on the email program, but still I don't understand why ??

    ![email warning.jpg](/public/imported_attachments/1/email warning.jpg)
    ![email warning.jpg_thumb](/public/imported_attachments/1/email warning.jpg_thumb)



  • If you are using the SSL bump in the middle then you need to import the CA certificate you are using on all the machines behind the proxy server.
    The proxy server decrypts using the public SSL CAs and then encrypts it back using your local CA and your machine needs that CA to display it in the browser.

    Jim



  • Thanks Jim,
    no I don't use the ssl :)



  • If you truly have transparent mode disabled and you have configured your system manually to use the proxy or automatically via WPAD, it should not give any certificate errors.  Something weird is going on.



  • Yes , I just wiped all and installed a fresh copy.
    Hope it works better :)


Log in to reply