Author Topic: squid error "Failed to establish a secure connection to 192.168.1.2"  (Read 13519 times)

porigromus

squid error "Failed to establish a secure connection to 192.168.1.2"
« on: May 19, 2019, 01:53:11 am »
Hello, hoping someone can help me understand why I am receiving the message "Failed to establish a secure connection to 192.168.1.2" when I access the webgui from behind the squid forward SSL proxy, but have no issues accessing it with another SAN name, "firewalltest"?

As I mentioned, both are subject alternative names on a self-generated certificate issued by the CA created on the OPNsense firewall. One works, one does not when behind the proxy. If I access the webgui for firewall management without the proxy via the IP address, it shows valid.

I have the CA on the firewall trusted in my OS. I have an entry in my /etc/host file on the client attempting to access the webgui for 192.168.1.2     firewalltest.

error message:


"ERROR
The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: https://192.168.1.2/

    Failed to establish a secure connection to 192.168.1.2

The system returned:

    [No Error] (TLS code: SQUID_X509_V_ERR_DOMAIN_MISMATCH)

    Certificate does not match domainname: /C=xx/ST=xxxxxxx/L=xxxxxx /O=xxxx/emailAddress=xxxxxxxxxxxxxxx/CN=firewalltest.test/subjectAltName=DNS:firewalltest,IP:192.168.1.2

This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.

Your cache administrator is admin@localhost.local."



Certificate for the Opnsense webgui issued by a CA on opnsense which is also the one chosen for the CA for squid in opnsense services.

"Certificate Subject Alt Name = "DNS:firewalltest,IP:192.168.1.2"
CN = firewalltest.test
E = xxxxxxx
O = xxxxxx
L = xxxxxx
ST = xxxxx
C = xxxxx"



« Last Edit: May 20, 2019, 01:28:58 am by porigromus »

hbc

Re: squid error "Failed to establish a secure connection to 192.168.1.2"
« Reply #1 on: May 19, 2019, 12:52:36 pm »
The answer is in your text
Quote
Failed to establish a secure connection to 192.168.1.1

Quote
CN=firewalltest.test/subjectAltName=DNS:firewalltest,IP:192.168.1.2

192.168.1.1 is not in your certificate name/alias

Update: are you talking about 192.168.1.1 or 192.168.1.2? Your post uses both.
« Last Edit: May 19, 2019, 12:58:06 pm by hbc »
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR

porigromus

Re: squid error "Failed to establish a secure connection to 192.168.1.2"
« Reply #2 on: May 20, 2019, 01:28:21 am »
I apologize for the misleading text, I changed the IPs for security reasons. I can assure you that the true IPs match properly.
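
Added example, not part of the thread and not Squid's own matching code: a sketch of standard (RFC 6125 style) name checking applied to the one-line subject format shown in the error page above, reporting which requested names the quoted certificate covers. The function names and the embedded sample line are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the subject line as printed in the Squid error page above.
SUBJECT = ("/C=xx/ST=xxxxxxx/L=xxxxxx /O=xxxx/emailAddress=xxxxxxxxxxxxxxx"
           "/CN=firewalltest.test/subjectAltName=DNS:firewalltest,IP:192.168.1.2")

def parse_subject(line):
    """Split the one-line subject into CN, DNS SAN entries and IP SAN entries."""
    cn = re.search(r"/CN=([^/]+)", line)
    san = re.search(r"/subjectAltName=(.+)$", line)
    dns, ips = [], []
    for entry in (san.group(1).split(",") if san else []):
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS":
            dns.append(value.lower())
        elif kind in ("IP", "IP Address"):
            ips.append(ipaddress.ip_address(value))
    return (cn.group(1).lower() if cn else None), dns, ips

def dns_match(pattern, host):
    """Exact match, or a single left-most '*' label covering one label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def covers(host, line):
    """Return which identifier type covers host, or None for a mismatch."""
    cn, dns, ips = parse_subject(line)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # An IP literal may only match an iPAddress SAN entry, never DNS or CN.
        return "IP SAN" if addr in ips else None
    host = host.lower().rstrip(".")
    if dns:
        # RFC 6125: once DNS SAN entries exist, the CN is not consulted.
        return "DNS SAN" if any(dns_match(d, host) for d in dns) else None
    return "CN" if cn and dns_match(cn, host) else None

if __name__ == "__main__":
    for name in ("firewalltest", "192.168.1.2", "192.168.1.1", "firewalltest.test"):
        print(f"{name:20} -> {covers(name, SUBJECT) or 'MISMATCH'}")
```

Under these rules the CN `firewalltest.test` is not matched, because the certificate carries a DNS SAN entry that takes precedence over the CN.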