Re: [pfSense] https filtering
thanks for all to suggest me with forum. my https filtering with transparent proxy works good. also i m using capative portal but before i m using squid3-dev my capative portal properly provide to bandwidth each user what i give on mac filtering but now after enable https filter bandwidth is not working. On Sat, Nov 22, 2014 at 11:07 AM, A Mohan Rao mohanra...@gmail.com wrote: This is my ca cert pls find attached file. Thanks Mohan On Sat, Nov 22, 2014 at 11:07 AM, A Mohan Rao mohanra...@gmail.com wrote: On Fri, Nov 21, 2014 at 6:53 PM, Jason Pyeron jpye...@pdinc.us wrote: -Original Message- From: Mohan Rao Sent: Friday, November 21, 2014 6:08 Hello, all! Squid3-dev + Squidguard set up, and they're blocking pages through HTTP and HTTPS just fine. The problem is, it's throwing certificate errors at about every secure page that is opened, despite having the CA trusted. Can you post an example certificate? For example, if they try going to mail.google.com, it throws this error: Have you tested with openssl from the command line of a client? Technical Details accounts.google.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. Sounds like the root CA was not delivered with the generated certificate, can you post the squid configs? (Error code: sec_error_unknown_issuer) Any idea how to make this work? Which browsers is this happening in? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] https filtering
Hello, all! Squid3-dev + Squidguard set up, and they're blocking pages through HTTP and HTTPS just fine. The problem is, it's throwing certificate errors at about every secure page that is opened, despite having the CA trusted. For example, if they try going to mail.google.com, it throws this error: Technical Details accounts.google.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer) Any idea how to make this work? ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] https filtering
-Original Message- From: Mohan Rao Sent: Friday, November 21, 2014 6:08 Hello, all! Squid3-dev + Squidguard set up, and they're blocking pages through HTTP and HTTPS just fine. The problem is, it's throwing certificate errors at about every secure page that is opened, despite having the CA trusted. Can you post an example certificate? For example, if they try going to mail.google.com, it throws this error: Have you tested with openssl from the command line of a client? Technical Details accounts.google.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. Sounds like the root CA was not delivered with the generated certificate, can you post the squid configs? (Error code: sec_error_unknown_issuer) Any idea how to make this work? Which browsers is this happening in? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] https filtering
On Fri, Nov 21, 2014 at 6:53 PM, Jason Pyeron jpye...@pdinc.us wrote: -Original Message- From: Mohan Rao Sent: Friday, November 21, 2014 6:08 Hello, all! Squid3-dev + Squidguard set up, and they're blocking pages through HTTP and HTTPS just fine. The problem is, it's throwing certificate errors at about every secure page that is opened, despite having the CA trusted. Can you post an example certificate? For example, if they try going to mail.google.com, it throws this error: Have you tested with openssl from the command line of a client? Technical Details accounts.google.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. Sounds like the root CA was not delivered with the generated certificate, can you post the squid configs? (Error code: sec_error_unknown_issuer) Any idea how to make this work? Which browsers is this happening in? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list https_ssl.crt Description: application/x509-ca-cert ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] https filtering
This is my ca cert pls find attached file. Thanks Mohan On Sat, Nov 22, 2014 at 11:07 AM, A Mohan Rao mohanra...@gmail.com wrote: On Fri, Nov 21, 2014 at 6:53 PM, Jason Pyeron jpye...@pdinc.us wrote: -Original Message- From: Mohan Rao Sent: Friday, November 21, 2014 6:08 Hello, all! Squid3-dev + Squidguard set up, and they're blocking pages through HTTP and HTTPS just fine. The problem is, it's throwing certificate errors at about every secure page that is opened, despite having the CA trusted. Can you post an example certificate? For example, if they try going to mail.google.com, it throws this error: Have you tested with openssl from the command line of a client? Technical Details accounts.google.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. Sounds like the root CA was not delivered with the generated certificate, can you post the squid configs? (Error code: sec_error_unknown_issuer) Any idea how to make this work? Which browsers is this happening in? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list https_ssl.crt Description: application/x509-ca-cert ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list