I've started to lose hope of finding a proper solution for enabling WSUS sync with OPNsense Squid acting as an SSL inspector. Thank you XeroX and randomwalk. You guys made my day! :-)
Just to confirm, this works for me in Windows Server 2022 AD/WSUS and OPNsense 24.7.10_2-amd64/squid 6.10.
Steps I've followed:
a. Added an internal CA in OPNsense: System --> Trust --> Authorities, using the certificate chain that I found in the Trusted Root Authorities cert store of Windows Server (Microsoft Root Certificate Authority 2011/Microsoft ECC Product Root Certificate Authority 2018) + both Secure Server CA 2.1 certs found on Microsoft websites.
b. Added 3 exceptions (.microsoft.com.akadns.net .windowsupdate.com .microsoft.com) into "SSL no bump sites" in Forward Proxy settings of Squid Web Proxy service.
If only I had come across this article 24h earlier, I could have gotten more sleep the night before ;-)
Cheers guys!
Radek
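
Added example, not part of the original post: a small checker that shows which CONNECT destinations the three "SSL no bump sites" entries from step b would exempt from inspection. It assumes the leading-dot entries follow Squid's `dstdomain`-style matching (the domain itself plus all subdomains); the log lines, hostnames and function names are constructed for illustration.

```python
# Added example (not from the post). Log lines and hostnames are constructed.
NO_BUMP = [".microsoft.com.akadns.net", ".windowsupdate.com", ".microsoft.com"]

def matches_no_bump(host, entries=NO_BUMP):
    """Return the no-bump entry that covers host, or None if it would be bumped."""
    host = host.lower().rstrip(".")
    for entry in entries:
        entry = entry.lower()
        if entry.startswith("."):
            # ".example.com" covers example.com and any subdomain, but only on
            # a label boundary: "notexample.com" must not match.
            if host == entry[1:] or host.endswith(entry):
                return entry
        elif host == entry:
            return entry
    return None

def connect_host(log_line):
    """Extract the host from a CONNECT line in Squid's native access.log format."""
    fields = log_line.split()
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    host, sep, _port = fields[6].rpartition(":")
    return host if sep else fields[6]

def classify(log_lines):
    """Map each CONNECT host to 'splice' (not inspected) or 'bump' (inspected)."""
    result = {}
    for line in log_lines:
        host = connect_host(line)
        if host is not None:
            result[host] = "splice" if matches_no_bump(host) else "bump"
    return result

# Constructed sample lines (documentation IP ranges, made-up timings and sizes).
SAMPLE_LOG = [
    "1733750000.101 250 192.0.2.10 TCP_TUNNEL/200 5120 CONNECT sws.update.microsoft.com:443 - HIER_DIRECT/203.0.113.10 -",
    "1733750001.202 310 192.0.2.10 TCP_TUNNEL/200 9000 CONNECT download.windowsupdate.com:443 - HIER_DIRECT/203.0.113.11 -",
    "1733750002.303 120 192.0.2.10 TCP_TUNNEL/200 4000 CONNECT fe2.update.microsoft.com.akadns.net:443 - HIER_DIRECT/203.0.113.12 -",
    "1733750003.404 400 192.0.2.20 NONE_NONE/200 0 CONNECT notmicrosoft.com:443 - HIER_DIRECT/203.0.113.13 -",
    "1733750004.505 90 192.0.2.20 NONE_NONE/200 0 CONNECT microsoft.com.example.net:443 - HIER_DIRECT/203.0.113.14 -",
    "1733750005.606 15 192.0.2.20 TCP_MISS/200 812 GET http://example.org/ - HIER_DIRECT/203.0.113.15 text/html",
]

if __name__ == "__main__":
    for host, action in classify(SAMPLE_LOG).items():
        print(f"{action:6} {host}")
```

Because every host matched by these entries bypasses inspection, running a check like this over real proxy logs shows how much traffic the `.microsoft.com` exemption actually covers.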