EFW Support

Support => General Support => Topic started by: fnogueiramcp on Thursday 05 February 2015, 11:07:07 pm



Title: HTTPS Certificate type
Post by: fnogueiramcp on Thursday 05 February 2015, 11:07:07 pm
Hi Everyone.

I am using Endian Community 3 and I need to enable HTTPS Proxy.

I do not want to use an Endian self generated certificate, because I will have a lot of users passing by proxy, so I need to use a known and valid certificate.

In the company, we already have a Geotrust RapidSSL wildcard certificate where we use to all SSL sites we have.

The point is: What is the type of certificate I need to import into Endian so it can use in HTTPS Proxy?

What I already did:

01 - Use self generated certificate by Endian: HTTPS proxy works, but the certificate is not known by clients. It is OK, because I did not imported the certificate to clients. (this solution does not attend me)

02 - I already imported my wildcard certificate to Endian, but when I try to navigate to HTTPS web pages, it shows "The page cannot be displayed". HTTP pages works well.

I supose that there is an specific type of certificate and content (like, a certificate with key inside), but I did not find any documentation and all my attempts did not work yet.

Any clues or help will be very welcome.

Thanks in advance.

Fabio N.


Title: Re: HTTPS Certificate type
Post by: mmiat on Wednesday 18 February 2015, 10:27:25 pm
sorry but I've ever used https proxy so I not understand why you need certificate in proxy

does browser asks it when browsing internet? it could ask it only when accessing a site, and asking that site's certificate. or not?


Title: Re: HTTPS Certificate type
Post by: dda on Friday 20 February 2015, 10:29:45 am
Ok dealt with this just this week as my hard drive failed and my backup failed to restore rather mysteriously, anyway...
When you enable the https proxy you have to have import the certificate into trusted root certificate authorities in the certificate manager otherwise https pages will refuse to load saying that the connection is not private, even google.com will not load.


Title: Re: HTTPS Certificate type
Post by: dda on Friday 20 February 2015, 10:33:05 am
Ok dealt with this just this week as my hard drive failed and my backup failed to restore rather mysteriously, anyway...
When you enable the https proxy you have to have import the certificate into trusted root certificate authorities in the certificate manager otherwise https pages will refuse to load saying that the connection is not private, even google.com will not load.  I use the Endian certificate but I rename mine to EFW.cer.  I am using non-transparent proxy and this did not work until everything else was configured just right.