[squid-users] net::err_cert_common_name_invalid just in squid page with dstdomain block

Rafael Akchurin rafael.akchurin at diladele.com
Tue Dec 5 19:38:05 UTC 2017


May it be https://docs.diladele.com/faq/squid/chrome_ssl_filter/dns_does_not_exist.html ?

Best regards,
Rafael Akchurin

On 5 Dec 2017 at 20:34, erdosain9 <erdosain9 at gmail.com> wrote:

Hi, and thanks.

But I don't get it: how is this possible, if the bumping is working well? I
mean, all HTTPS is working with my certificate, except for those that I
block (from Chrome). But the bumping is working well in Chrome and Firefox.

This is the log from Chrome, with port:

1512501177.181     33 192.168.1.121 TCP_MISS/204 459 POST https://www.google.com.ar/gen_204? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501177.182     35 192.168.1.121 TCP_MISS/204 459 POST https://www.google.com.ar/gen_204? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501177.186     40 192.168.1.121 TCP_MISS/200 815 POST https://www.google.com.ar/url? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501177.252     59 192.168.1.121 TCP_DENIED/200 0 CONNECT web.whatsapp.com:443 user at mydomain.LAN HIER_NONE/- - 443
1512501177.338     80 192.168.1.121 TCP_MISS/204 193 GET http://www.gstatic.com/generate_204 user at mydomain.LAN HIER_DIRECT/www.gstatic.com - 80


This is the log from Firefox, with port:

1512501278.321     41 192.168.1.121 TCP_MISS/200 813 GET https://www.google.com.ar/url? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501278.684    185 192.168.1.121 TCP_DENIED/200 0 CONNECT www.whatsapp.com:443 user at mydomain.LAN HIER_NONE/- - 443
1512501278.875      3 192.168.1.121 TAG_NONE/403 6567 GET https://www.whatsapp.com/? user at mydomain.LAN HIER_NONE/- text/html 443
1512501278.916     35 192.168.1.121 TCP_MISS/204 459 POST https://www.google.com.ar/gen_204? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501279.160    877 192.168.1.121 TAG_NONE/200 0 CONNECT www.google.com.ar:443 user at mydomain.LAN HIER_DIRECT/www.google.com.ar - 443
1512501279.278     52 192.168.1.121 TCP_MISS/204 459 POST https://www.google.com.ar/gen_204? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501279.529    608 192.168.1.121 TCP_DENIED/200 0 CONNECT www.whatsapp.com:443 user at mydomain.LAN HIER_NONE/- - 443
1512501279.746      2 192.168.1.121 TAG_NONE/403 6569 GET http://squid.mydomain.lan:3128/squid-internal-static/icons/SN.png user at mydomain.LAN HIER_NONE/- text/html 3128
1512501279.832     75 192.168.1.121 TCP_DENIED/200 0 CONNECT www.whatsapp.com:443 user at mydomain.LAN HIER_NONE/- - 443
1512501279.838      0 192.168.1.121 TAG_NONE/403 6571 GET https://www.whatsapp.com/favicon.ico user at mydomain.LAN HIER_NONE/- text/html 443

"How do you compare the two certificates? "

I view the certificate and look at the details (both Firefox and Chrome).
<http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t376870/Captura_de_pantalla_de_2017-12-05_16-25-48.png>

It is the same CN: squid.mydomain.lan

And, again, this error just happens from Chrome when it is time to show a
"web from squid" (no route to host, error, access denied, etc.)

For example, if I look at the certificate from Facebook (through Squid HTTPS
bumping) I see my certificate... so why, when I block the web, does Chrome give
that problem....

Thanks again
(Sorry, I don't speak English very well.)



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
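
Added example (not part of the original messages and not Squid project code): a Python sketch that parses access.log lines in the layout quoted above and reports, for each denied CONNECT, whether the same client was then served a 403 page from that host over the bumped connection. The field order, the 5-second window and the function names are assumptions; the sample lines are constructed from the Chrome and Firefox excerpts with wrapped lines rejoined.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the excerpts in the thread. Assumed fields:
# time, elapsed, client, result/status, bytes, method, URL, user, hierarchy, type, port.
SAMPLE = """\
1512501177.252     59 192.168.1.121 TCP_DENIED/200 0 CONNECT web.whatsapp.com:443 user@mydomain.LAN HIER_NONE/- - 443
1512501177.338     80 192.168.1.121 TCP_MISS/204 193 GET http://www.gstatic.com/generate_204 user@mydomain.LAN HIER_DIRECT/www.gstatic.com - 80
1512501278.684    185 192.168.1.121 TCP_DENIED/200 0 CONNECT www.whatsapp.com:443 user@mydomain.LAN HIER_NONE/- - 443
1512501278.875      3 192.168.1.121 TAG_NONE/403 6567 GET https://www.whatsapp.com/? user@mydomain.LAN HIER_NONE/- text/html 443
1512501279.529    608 192.168.1.121 TCP_DENIED/200 0 CONNECT www.whatsapp.com:443 user@mydomain.LAN HIER_NONE/- - 443
1512501279.746      2 192.168.1.121 TAG_NONE/403 6569 GET http://squid.mydomain.lan:3128/squid-internal-static/icons/SN.png user@mydomain.LAN HIER_NONE/- text/html 3128
1512501279.838      0 192.168.1.121 TAG_NONE/403 6571 GET https://www.whatsapp.com/favicon.ico user@mydomain.LAN HIER_NONE/- text/html 443
"""

LINE = re.compile(
    r"(?P<ts>\d+\.\d+)\s+(?P<ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>\S+)\s+(?P<mime>\S+)\s+(?P<port>\d+)\s*$")

def parse(text):
    """Return one dict per line that matches the assumed layout."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def host_of(rec):
    """Host named by a CONNECT target (host:port) or by a full URL."""
    if rec["method"] == "CONNECT":
        return rec["url"].rsplit(":", 1)[0].lower()
    return (urlsplit(rec["url"]).hostname or "").lower()

def denied_connects(records, window=5.0):
    """For each denied CONNECT: (time, host, error_page_served)."""
    out = []
    for i, r in enumerate(records):
        if r["method"] != "CONNECT" or r["result"] != "TCP_DENIED":
            continue
        host, t0 = host_of(r), float(r["ts"])
        served = any(
            n["client"] == r["client"] and n["status"] == "403"
            and n["url"].startswith("https://") and host_of(n) == host
            and float(n["ts"]) - t0 <= window
            for n in records[i + 1:])
        out.append((r["ts"], host, served))
    return out

if __name__ == "__main__":
    for ts, host, served in denied_connects(parse(SAMPLE)):
        print(ts, host, "403 page served" if served else "no 403 page logged")
```

On the sample, the denied CONNECT to web.whatsapp.com (from the Chrome excerpt) has no 403 page logged after it, while both www.whatsapp.com entries (from the Firefox excerpt) do.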