OPNsense Forum

English Forums => General Discussion => Topic started by: croberti on March 10, 2017, 04:13:52 pm

Title: Proxy with HTTPS
Post by: croberti on March 10, 2017, 04:13:52 pm
Hi, I'm new to OPNsense and I'm trying to use it and its proxy to allow users web access only to some sites and, most importantly, to use the HTTPS protocol.
Unfortunately it does not work; every time I receive the message that the connection is not secure (it does not accept an exception), or it does not even propose an exception, saying the site is using HSTS (HTTP Strict Transport Security).
I attached my configuration, hope someone can help me.

Bye, Claudio.
Title: Re: Proxy with HTTPS
Post by: guest15389 on March 10, 2017, 04:36:39 pm
Did you step through the guide? Have you installed the certificates on the clients?

https://docs.opnsense.org/manual/how-tos/proxytransparent.html
Title: Re: Proxy with HTTPS
Post by: croberti on March 10, 2017, 04:53:10 pm
Yes, I followed the guide and tried installing the certificate in the OS (Win 10, right click then install) and in the browser, but nothing worked.
With an HTTPS site it proposes that I acquire the certificate, but then it says

>The following error was encountered while trying to retrieve the URL: https://x.xx.xxx.xx/*
>
>   Access Denied.
>
>Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

as if it was not in the whitelist, but the same site is accessed fine over HTTP.

Thanks, Claudio.
Title: Re: Proxy with HTTPS
Post by: guest15389 on March 10, 2017, 05:12:11 pm
I think you need to validate you have the certificate installed as it looks like you are getting an error based on that. Sadly, I have a Mac so I can't confirm exactly how to install.

From poking around, it looks like you need to hit Internet Options -> Content -> Certificates

Screenshot from my VM looks like:

(http://i.imgur.com/1y5j6jL.png)
Title: Re: Proxy with HTTPS
Post by: croberti on March 10, 2017, 05:20:58 pm
I tried to import this way but nothing changed, hope someone has some ideas.
Thanks anyway.

Claudio.
Title: Re: Proxy with HTTPS
Post by: fabian on March 10, 2017, 08:06:47 pm
Windows has a management console (MMC) called certificate manager. Ensure that your certificate is under something called trusted root CAs.

However from the screenshot it looks like you use domain only so you don't need to import a certificate. The screenshot says not connected which may make it more likely that you are not able to
a) resolve names or
b) have an IP address problem
Title: Re: Proxy with HTTPS
Post by: croberti on March 13, 2017, 09:56:42 am
It turned out that the problem was not with HTTPS but with the white and black lists in the ACL.
I want to allow only some sites in the form of http://*.domain.com/* and https://*.domain.com/*. Can someone help me with the white and black lists in the ACL? I found that ^. in the blacklist blocks all sites, but then the whitelisted sites are also blocked.

Bye, Claudio.