Squid with SSL bumping and whitelist Common Name Invalid



  • Hi guys,

    today I set up pfSense 2.3 on my Zotec CI323. Everythings works but one thing. I run squid with clamav and ssl bumping and it works normally. I tested with eicar test files and clamav detected it. Now my problem. I want to blacklist all domains and just whitelist the few I need for this setup. When I put a '.' (without ') in the blacklist and e.g. '.google.de' in the whitelist I get a Common Name Invalid Error. It looks like squid puts the IP in the CN field of the certificate. When I leave black and whitelist empty, squid generates the correct certificates and my browsers don't complain. CA is installed in my browsers of course. It's just a bit strange that it works normally and as soon as I use the blacklist it stops working. Also if I just put one domain in the blacklist and leave whitelist empty, the domain is blacklisted correctly.
    Do you have an idea why that happens? Should I post my config file?

    Best regards,
    Lukas



  • Hi, i have the same problem but also without setting whitelist and black list. I try to configure squid in transparent proxy mode. How have you create the CA certificate?
    Thank you



  • In the end I installed the version 2.6 of pfsense and all work fine, http and https proxy in transparent mode


Log in to reply