OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: manjeet on November 23, 2018, 11:30:11 am

Title: Transparent Proxy Issue
Post by: manjeet on November 23, 2018, 11:30:11 am
Hey Guys, I am running a transparent proxy (HTTP and HTTPS).
1. If I enable "ssl inspection" and do not add any site to "ssl no bump site", then it opens every single website except slack, google and its websites.
2. Same as 1, but if I add .google.com and .slack.com to "ssl no bump site", then it allows slack and google and its websites but blocks every other website until I add a certificate to the web browser of all the clients.
3. But using https from the command line or any other way (Software center of ubuntu) gives an error.

Any solution in this situation?
OR
Any option to add the certificate to the entire system so that no matter which way I access https (web browser, command line or other applications like ubuntu software center / slack / etc.) I will allow it always. (I run Windows, Linux and Mac systems in the network.)
Title: Re: Transparent Proxy Issue
Post by: fabian on November 23, 2018, 06:30:47 pm
Most applications use the certificate store that is used by openssl.

This may help: https://superuser.com/questions/437330/how-do-you-add-a-certificate-authority-ca-to-ubuntu
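
An added example, not part of the post above or of the linked answer: one way to install the proxy's signing CA into the Debian/Ubuntu system trust store that OpenSSL-based applications read. The function names, the `SKIP_UPDATE` switch and the file name in the usage comment are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumes the CA certificate used for
# SSL inspection was exported from the firewall as a PEM file.

# is_ca_cert FILE: succeeds only if FILE parses as an X.509 certificate
# whose basicConstraints mark it as a CA (a leaf certificate is rejected).
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# install_proxy_ca FILE [DEST_DIR]
# Return codes: 1 = unreadable file, 2 = not a CA certificate, 3 = copy failed.
install_proxy_ca() {
    local src="$1"
    local dest="${2:-/usr/local/share/ca-certificates}"
    local name

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    is_ca_cert "$src" || { echo "$src is not a PEM CA certificate" >&2; return 2; }

    # update-ca-certificates only picks up files ending in .crt
    name="$(basename "$src")"
    name="${name%.*}.crt"
    install -m 0644 "$src" "$dest/$name" || return 3

    # Print the fingerprint so it can be compared with the CA on the firewall
    # before the whole machine starts trusting it.
    openssl x509 -in "$dest/$name" -noout -subject -fingerprint -sha256

    # Rebuild /etc/ssl/certs. SKIP_UPDATE=1 (hypothetical switch) only stages
    # the file, e.g. when preparing an image.
    if [ "${SKIP_UPDATE:-0}" != 1 ]; then
        update-ca-certificates
    fi
}

# Usage (as root), with an assumed file name:
#   install_proxy_ca ./opnsense-proxy-ca.pem
```

Every process that uses the system store will then accept certificates minted by the proxy, so the CA's private key on the firewall needs to be protected accordingly.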
Title: Re: Transparent Proxy Issue
Post by: manjeet on November 26, 2018, 10:33:19 am
This worked, thanks. Now my command line updates and software centre are both working, including other applications.
Chrome uses the certificate from the system, but Firefox still needs the certificate to be imported manually.

Now I have this issue: only on 1 machine and only in Google Chrome. The machine is Windows based.
It happens only when the user tries to access google or any google website; all other websites are working fine.

Failed to establish a secure connection to 74.125.68.94
The system returned:
(92) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
Handshake with SSL server failed: error:140920F8:SSL routines:ssl3_get_server_hello:unknown cipher returned