Hi there,
I've got squid 2.7 set up and running as a transparent HTTP proxy on
pfSense 2.1 snapshot from June 28th.
Now I'd like to set it up as an HTTPS transparent proxy as well.
In the proxy server's custom options box I've added:
https_port 127.0.0.1:3129 transparent \
cert=/etc/certs/pfsense.example.org.pem \
key=/etc/certs/pfsense.example.org.key
Then I've created a NAT (Port Forward) rule to redirect all HTTPS
(destination port) traffic over to 127.0.0.1:3129, and automatically
added an associated filter rule which allows such connections.
Now when I'm trying to access https://www.gmail.com for example, I've
got the browser warning about the name mismatch wrt the local
certificate (we're fine with that), but then I've got this message in my
browser:
(92) Protocol error
Squid's access.log contains:
1343186054.441 256 10.10.10.100 TCP_MISS/502 1481 GET https://www.gmail.com/ - DIRECT/74.125.237.150 text/html
And Squid's cache.log contains:
2012/07/25 14:14:14| SSL unknown certificate error 20 in /C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
2012/07/25 14:14:14| fwdNegotiateSSL: Error negotiating SSL connection on FD 37: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
Any idea what I'm doing wrong?
bye
--
Jérôme Alet - <[email protected]> - Direction du Système d'Information
Université de la Nouvelle-Calédonie - BPR4 - 98851 NOUMEA CEDEX
Tél : +687 290081 Fax : +687 254829