Netgate SG-1000 microFirewall

Author Topic: This site is not secure  (Read 99 times)

0 Members and 1 Guest are viewing this topic.

Offline haaser

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
This site is not secure
« on: February 07, 2018, 12:19:32 pm »
I am not sure what information to post to help with this but I am only getting these errors on a few SSL websites. I am using default settings for squid and have not changed much for the MITM. It is set for transparent proxy but that is working fine as far as I can tell. I have imported the certificate to each machine and installed it into "Trusted Root Certification Authorities". Any suggestions or if you need any more information just ask. I am not sure what to do next?


This site is not secure

This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.



Recommended iconClose this tab



More information  More information 


Your PC doesn’t trust this website’s security certificate.
The website’s security certificate is not yet valid or has expired.
The hostname in the website’s security certificate differs from the website you are trying to visit.
Error Code: DLG_FLAGS_INVALID_CA
DLG_FLAGS_SEC_CERT_DATE_INVALID
DLG_FLAGS_SEC_CERT_CN_INVALID

Not recommended iconGo on to the webpage (not recommended)

Offline KOM

  • Hero Member
  • *****
  • Posts: 5591
  • Karma: +688/-23
    • View Profile
Re: This site is not secure
« Reply #1 on: February 07, 2018, 12:31:51 pm »
Is it possible that this error is coming from the original certificate?  If you visit that same site outside of squid and check the cert, is everything valid?

Offline haaser

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: This site is not secure
« Reply #2 on: February 07, 2018, 01:01:05 pm »
If I shut of the squid the website works fine. So I would assume that it is something on my end.

Is this still an issue? https://redmine.pfsense.org/issues/7524
Squid MITM/SSL-Bump broken with Chrome due to missing SAN in generated certificates

Offline KOM

  • Hero Member
  • *****
  • Posts: 5591
  • Karma: +688/-23
    • View Profile
Re: This site is not secure
« Reply #3 on: February 07, 2018, 02:51:52 pm »
No idea.  I don't use transparent mode or SSL-intercept.  Just WPAD to get the URL for filtering and that's all.