[squid-users] net::err_cert_common_name_invalid just in squid page with dstdomain block

erdosain9 erdosain9 at gmail.com
Tue Dec 5 19:33:56 UTC 2017


Hi, and thanks.

But I don't get it: how is this possible if the bumping is working well? I
mean, all HTTPS is working with my certificate, except for the sites that I
block (from Chrome). But the bumping is working well in Chrome and Firefox.

This is the log from Chrome with port

1512501177.181     33 192.168.1.121 TCP_MISS/204 459 POST
https://www.google.com.ar/gen_204? user at mydomain.LAN HIER_DIRECT/- text/html
443
1512501177.182     35 192.168.1.121 TCP_MISS/204 459 POST
https://www.google.com.ar/gen_204? user at mydomain.LAN HIER_DIRECT/- text/html
443
1512501177.186     40 192.168.1.121 TCP_MISS/200 815 POST
https://www.google.com.ar/url? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501177.252     59 192.168.1.121 TCP_DENIED/200 0 CONNECT
web.whatsapp.com:443 user at mydomain.LAN HIER_NONE/- - 443
1512501177.338     80 192.168.1.121 TCP_MISS/204 193 GET
http://www.gstatic.com/generate_204 user at mydomain.LAN
HIER_DIRECT/www.gstatic.com - 80


This is the log from Firefox with port

1512501278.321     41 192.168.1.121 TCP_MISS/200 813 GET
https://www.google.com.ar/url? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501278.684    185 192.168.1.121 TCP_DENIED/200 0 CONNECT
www.whatsapp.com:443 user at mydomain.LAN HIER_NONE/- - 443
1512501278.875      3 192.168.1.121 TAG_NONE/403 6567 GET
https://www.whatsapp.com/? user at mydomain.LAN HIER_NONE/- text/html 443
1512501278.916     35 192.168.1.121 TCP_MISS/204 459 POST
https://www.google.com.ar/gen_204? user at mydomain.LAN HIER_DIRECT/- text/html
443
1512501279.160    877 192.168.1.121 TAG_NONE/200 0 CONNECT
www.google.com.ar:443 user at mydomain.LAN HIER_DIRECT/www.google.com.ar - 443
1512501279.278     52 192.168.1.121 TCP_MISS/204 459 POST
https://www.google.com.ar/gen_204? user at mydomain.LAN HIER_DIRECT/- text/html
443
1512501279.529    608 192.168.1.121 TCP_DENIED/200 0 CONNECT
www.whatsapp.com:443 user at mydomain.LAN HIER_NONE/- - 443
1512501279.746      2 192.168.1.121 TAG_NONE/403 6569 GET
http://squid.mydomain.lan:3128/squid-internal-static/icons/SN.png
user at mydomain.LAN HIER_NONE/- text/html 3128
1512501279.832     75 192.168.1.121 TCP_DENIED/200 0 CONNECT
www.whatsapp.com:443 user at mydomain.LAN HIER_NONE/- - 443
1512501279.838      0 192.168.1.121 TAG_NONE/403 6571 GET
https://www.whatsapp.com/favicon.ico user at mydomain.LAN HIER_NONE/- text/html
443

"How do you compare the two certificates?"

I view the certificate and look at the details (in both Firefox and Chrome).
<http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t376870/Captura_de_pantalla_de_2017-12-05_16-25-48.png> 

It is the same CN: squid.mydomain.lan

And, again, this error only happens in Chrome when it is time to show a
"web from squid" (no route to host, error, access denied, etc.)

For example, if I look at the certificate from Facebook (through Squid HTTPS
bumping) I see my certificate... so why, when I block the site, does Chrome
give that problem....

Thanks again
(Sorry, I don't speak English very well.)



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
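
Added example (not part of the original post, and not Squid project code): in the Firefox log above each `TCP_DENIED/200 CONNECT` is followed by a `TAG_NONE/403` GET for the same host, while the Chrome excerpt shows the denied CONNECT with no such follow-up. The sketch below pairs the two kinds of entry to list denied hosts whose block page was never fetched. The sample lines, client addresses, host names and the 5-second window are constructed assumptions; the field order follows the log lines in the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the field order of the post's access.log:
# time elapsed client status/code bytes method url user hierarchy type port
SAMPLE_LOG = """\
1512501177.252 59 192.0.2.10 TCP_DENIED/200 0 CONNECT blocked-a.example:443 user1 HIER_NONE/- - 443
1512501177.338 80 192.0.2.10 TCP_MISS/204 193 GET http://ok.example/generate_204 user1 HIER_DIRECT/ok.example - 80
1512501278.684 185 192.0.2.11 TCP_DENIED/200 0 CONNECT blocked-b.example:443 user1 HIER_NONE/- - 443
1512501278.875 3 192.0.2.11 TAG_NONE/403 6567 GET https://blocked-b.example/? user1 HIER_NONE/- text/html 443
"""

LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+"
    r"(?P<status>[A-Z_]+)/(?P<code>\d{3})\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)"
)

def unanswered_denials(log_text, window=5.0):
    """Return sorted (client, host) pairs whose denied CONNECT was not
    followed within `window` seconds by a 403 served over https for that
    host, i.e. the block page was never requested through the tunnel."""
    pending = {}  # (client, host) -> timestamp of first denied CONNECT
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip wrapped or malformed lines
        ts, client = float(m["ts"]), m["client"]
        if m["method"] == "CONNECT" and m["status"] == "TCP_DENIED":
            host = m["url"].rsplit(":", 1)[0]  # strip the :443 port
            pending.setdefault((client, host), ts)
        elif m["code"] == "403" and m["url"].startswith("https://"):
            key = (client, urlsplit(m["url"]).hostname)
            if key in pending and ts - pending[key] <= window:
                del pending[key]  # block page was delivered
    return sorted(pending)

if __name__ == "__main__":
    for client, host in unanswered_denials(SAMPLE_LOG):
        print(f"{client} never fetched the block page for {host}")
```
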