[squid-users] net::err_cert_common_name_invalid just in squid page with dstdomain block
Rafael Akchurin
rafael.akchurin at diladele.com
Tue Dec 5 19:38:05 UTC 2017
Could it be https://docs.diladele.com/faq/squid/chrome_ssl_filter/dns_does_not_exist.html?
Best regards,
Rafael Akchurin
On 5 Dec 2017, at 20:34, erdosain9 <erdosain9 at gmail.com> wrote:
Hi, and thanks.
But I don't get it: how is this possible if the bumping is working well? I
mean, all HTTPS is working with my certificate, except for those that I
block (from Chrome). But the bumping is working well in Chrome and Firefox.
This is the log from Chrome with port
1512501177.181 33 192.168.1.121 TCP_MISS/204 459 POST https://www.google.com.ar/gen_204? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501177.182 35 192.168.1.121 TCP_MISS/204 459 POST https://www.google.com.ar/gen_204? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501177.186 40 192.168.1.121 TCP_MISS/200 815 POST https://www.google.com.ar/url? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501177.252 59 192.168.1.121 TCP_DENIED/200 0 CONNECT web.whatsapp.com:443 user at mydomain.LAN HIER_NONE/- - 443
1512501177.338 80 192.168.1.121 TCP_MISS/204 193 GET http://www.gstatic.com/generate_204 user at mydomain.LAN HIER_DIRECT/www.gstatic.com - 80
This is the log from Firefox with port
1512501278.321 41 192.168.1.121 TCP_MISS/200 813 GET https://www.google.com.ar/url? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501278.684 185 192.168.1.121 TCP_DENIED/200 0 CONNECT www.whatsapp.com:443 user at mydomain.LAN HIER_NONE/- - 443
1512501278.875 3 192.168.1.121 TAG_NONE/403 6567 GET https://www.whatsapp.com/? user at mydomain.LAN HIER_NONE/- text/html 443
1512501278.916 35 192.168.1.121 TCP_MISS/204 459 POST https://www.google.com.ar/gen_204? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501279.160 877 192.168.1.121 TAG_NONE/200 0 CONNECT www.google.com.ar:443 user at mydomain.LAN HIER_DIRECT/www.google.com.ar - 443
1512501279.278 52 192.168.1.121 TCP_MISS/204 459 POST https://www.google.com.ar/gen_204? user at mydomain.LAN HIER_DIRECT/- text/html 443
1512501279.529 608 192.168.1.121 TCP_DENIED/200 0 CONNECT www.whatsapp.com:443 user at mydomain.LAN HIER_NONE/- - 443
1512501279.746 2 192.168.1.121 TAG_NONE/403 6569 GET http://squid.mydomain.lan:3128/squid-internal-static/icons/SN.png user at mydomain.LAN HIER_NONE/- text/html 3128
1512501279.832 75 192.168.1.121 TCP_DENIED/200 0 CONNECT www.whatsapp.com:443 user at mydomain.LAN HIER_NONE/- - 443
1512501279.838 0 192.168.1.121 TAG_NONE/403 6571 GET https://www.whatsapp.com/favicon.ico user at mydomain.LAN HIER_NONE/- text/html 443
"How do you compare the two certificates?"
I view the certificate and look at the details (in both Firefox and Chrome).
<http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t376870/Captura_de_pantalla_de_2017-12-05_16-25-48.png>
It is the same CN: squid.mydomain.lan
And, again, this error just happens from Chrome when it is time to show a
"web from squid" (no route to host, error, access denied, etc.)
For example, if I look at the certificate from Facebook (through squid HTTPS
bumping) I see my certificate... so why, when I block the web, does Chrome give
that problem...
Thanks again
(Sorry, I don't speak English very well)
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
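
A way to check the two logs above for the difference between the browsers, as an added example that is not part of the original thread: it lists denied CONNECTs that were never followed by a 403 error-page request inside the bumped tunnel, which is what the Chrome log shows for web.whatsapp.com. The function name, the 5-second window and the sample lines (adapted from the thread's log, with the user field written out) are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample, adapted from the log lines quoted in the thread.
# Layout: time elapsed client code/status bytes method URL user hier type port
SAMPLE = """\
1512501177.186 40 192.168.1.121 TCP_MISS/200 815 POST https://www.google.com.ar/url? user@mydomain.LAN HIER_DIRECT/- text/html 443
1512501177.252 59 192.168.1.121 TCP_DENIED/200 0 CONNECT web.whatsapp.com:443 user@mydomain.LAN HIER_NONE/- - 443
1512501278.684 185 192.168.1.121 TCP_DENIED/200 0 CONNECT www.whatsapp.com:443 user@mydomain.LAN HIER_NONE/- - 443
1512501278.875 3 192.168.1.121 TAG_NONE/403 6567 GET https://www.whatsapp.com/? user@mydomain.LAN HIER_NONE/- text/html 443
1512501279.832 75 192.168.1.121 TCP_DENIED/200 0 CONNECT www.whatsapp.com:443 user@mydomain.LAN HIER_NONE/- - 443
1512501279.838 0 192.168.1.121 TAG_NONE/403 6571 GET https://www.whatsapp.com/favicon.ico user@mydomain.LAN HIER_NONE/- text/html 443
"""


def unserved_denials(log_text, window=5.0):
    """Return (time, client, host) for each denied CONNECT that has no
    403 request to https://host/ from the same client within `window` s."""
    denials, error_pages = [], {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip blank or truncated lines
        ts, client = float(fields[0]), fields[2]
        code, _, status = fields[3].partition("/")
        method, url = fields[5], fields[6]
        if method == "CONNECT" and code == "TCP_DENIED":
            host = url.rsplit(":", 1)[0].lower()
            denials.append((ts, client, host))
        elif status == "403" and url.lower().startswith("https://"):
            # Error page requested inside the bumped TLS session.
            host = (urlsplit(url).hostname or "").lower()
            error_pages.setdefault((client, host), []).append(ts)
    return [
        (ts, client, host)
        for ts, client, host in denials
        if not any(ts <= t <= ts + window
                   for t in error_pages.get((client, host), []))
    ]


if __name__ == "__main__":
    for ts, client, host in unserved_denials(SAMPLE):
        print(f"{ts:.3f} {client} denied CONNECT to {host}: no error page requested")
```

An entry in the output means the client sent nothing inside the tunnel after the denied CONNECT, which is consistent with a browser that rejected the certificate presented for the error page.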