Skip SSL certificate on squid3



  • Hello pfSense admins, I want to know if there is any way to bump an SSL certificate generated by pfSense?
    Here is my problem:
    I've just configured pfSense 2.2.4 as a proxy server with squid3 pkg 0.2.9 with HTTPS/SSL interception (I have already installed my own CA generated by pfSense on every computer).
    Filtering and internet access are okay. The problem is that when I try to access sites like gmail, web whatsapp, and other sites, the browser reports the following problems:

    Also, with squid, I can't update any software (antivirus, Windows, etc.)

    I tried to put in another CA certificate (generated from starssl.com). When I put it in, squid doesn't work and I could not access the internet. I also tried the ssl_bump command as described on this site: http://wiki.squid-cache.org/Features/SslBump

    Is the Squid3-dev package better than squid3? I wonder because many people on the forums had pfSense 2.1.x and apparently it works well. If so… I'd have to install pfSense 2.1, because on 2.2.4 I can't install the squid3-dev package. Or do you recommend a WPAD configuration?

    Attached is my squid3 GUI configuration: http://i.imgur.com/BuVkU4O.png (the other tabs on squid are default)

    Thanks for taking the time to read this,
    Best regards



  • @chavarriaa:

    Also with squid, can't update any software (antivirus, windows, etc)

    Does AV work at all for you when it gets installed after you installed the squid package? For me ClamAV stays down and errs out. (3 different installs)



  • When I installed squid3, ClamAV and c-icap didn't work. Searching the web I found this (only ran c-icap):
    https://translate.google.com/translate?hl=en-419&sl=fr&tl=en&u=http%3A%2F%2Fmylittleweb.eu%2F2015%2F01%2F30%2Fpfsense-2-2-squid-et-antivirus%2F&sandbox=1

    I searched the pfSense forums, but mostly people use pfSense 2.1.5 with squid3-dev. How did you run ClamAV?
    
    **** EDITED ****
    It simply took some time to start. But I always have problems updating my software, and the internet also became very slow.


  • I use squid in explicit mode so that I don't have to play around with certificates.  Configure WPAD to allow your clients to auto-detect your proxy.  I am currently running pfSense 2.2.4 with squid3 0.2.8.  Everything works fine for me.  Transparent mode seduces you with promises of everything just working by magic, but then she stabs you in the back when HTTPS comes along.
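
The WPAD setup recommended in the last reply comes down to serving a proxy auto-config file (`wpad.dat`) to clients; the following is an added example, not part of the thread. The proxy address 192.168.1.1:3128, the 192.168.1.0/24 LAN and the `lan.example` domain are assumptions to be replaced with your own values.

```javascript
// wpad.dat / proxy.pac: the browser calls FindProxyForURL(url, host) per request.
// Assumed values (not from the thread): squid listening on 192.168.1.1:3128,
// LAN 192.168.1.0/24, internal DNS suffix ".lan.example".
var PROXY = "PROXY 192.168.1.1:3128";
var LOCAL_DOMAIN = ".lan.example";

// True for IPv4 literals inside 192.168.1.0/24. Uses plain string checks so
// no DNS lookup is triggered while the PAC file is evaluated.
function isLanAddress(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return false; // not a valid dotted quad
  }
  return m[1] === "192" && m[2] === "168" && m[3] === "1";
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified names (e.g. "pfsense") and loopback stay off the proxy.
  if (host.indexOf(".") === -1 || host === "127.0.0.1") return "DIRECT";
  // LAN hosts by address or by internal domain stay off the proxy.
  if (isLanAddress(host)) return "DIRECT";
  if (host.slice(-LOCAL_DOMAIN.length) === LOCAL_DOMAIN) return "DIRECT";
  // Everything else goes through squid. HTTPS is tunnelled with CONNECT in
  // explicit mode, so clients see the origin server's real certificate.
  // No "; DIRECT" fallback: if the proxy is down, traffic fails closed
  // instead of silently bypassing the filter.
  return PROXY;
}
```

Clients also need an egress rule on the firewall that blocks direct outbound 80/443, otherwise a client that ignores WPAD bypasses the proxy.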