Re: [pfSense] Problem with Chrome - HTTP trasnparent proxy with SSL filtering

> Am 03.11.2017 um 14:40 schrieb Richard A. Relph : > > I’ve heard Google will be removing certificate pinning from Chrome soon… > Yeah, for public sites. They’ll still make sure nobody can sign anything *.google.*, have users import a private root certificate and then

Re: [pfSense] CARP Demotion Not Working

But think of the time you would have wasted instead. Just trading a little pride for time. Seems like a good deal most times. On Nov 3, 2017, 15:02, at 15:02, Andrew Kester wrote: >Actually, it looks like Node B was indeed in maintenance mode. Setting > >it back to

Re: [pfSense] CARP Demotion Not Working

Actually, it looks like Node B was indeed in maintenance mode. Setting it back to normal seems to have resolved the problem. (That always seems to happen: send mail to a mailing list and it's something silly on my end) --- Thanks! Andrew Kester The Storehouse https://sthse.co On 11/3/17

Re: [pfSense] CARP Demotion Not Working

Are you using the "enter persistent maintenance mode" here? I'm trying to remember when I looked at this a couple years ago but overall if we shut down node A, node B takes over, and when A boots up it becomes Master again. However if I enter maintenance mode first (forcing B to

Re: [pfSense] (no subject)

OK thank you so much!!! 2017-11-02 11:57 GMT-03:00 Roberto Carna : > People, I have pfSEnse 2.4 with Squid and Squidguard. > > I enable HTTP transparent proxy and SSL filtering with Splice All. > > From our Android cell phones, if we use Firefox TO NAVIGATE everything >

Re: [pfSense] CARP Demotion Not Working

An update on this, if the master node is rebooted during a failure, the secondary node takes cover correctly and remains the master as would be expected. This makes me think that the priority is set correctly but the second node for some reason isn't honoring the advskew set by the master

Re: [pfSense] Problem with Chrome - HTTP trasnparent proxy with SSL filtering

Public or private CA, the issue will persist. On Nov 3, 2017 8:39 AM, "Roberto Carna" wrote: > OK Jon, thanks for your time and explanation. > > So a last qustion please: now I put in Squid of pfSense a private CA > certificate...is it the same if I put a public CA

Re: [pfSense] Problem with Chrome - HTTP trasnparent proxy with SSL filtering

I’ve heard Google will be removing certificate pinning from Chrome soon... > On Nov 3, 2017, at 8:26 AM, Yaroslav Samoylenko wrote: > > Chrome has a Certificate Pinninng feature. This feature takes the Google > certs and checks their finger prints against the good known. > >

Re: [pfSense] Problem with Chrome - HTTP trasnparent proxy with SSL filtering

Chrome has a Certificate Pinninng feature. This feature takes the Google certs and checks their finger prints against the good known. AFAIK this is an issue with all HTTPS proxies from at least BlueCoat, Cisco, SonicWall and Checkpoint. The suggested solution is to bypass SSL filtering those

Re: [pfSense] Problem with Chrome - HTTP trasnparent proxy with SSL filtering

OK Jon, thanks for your time and explanation. So a last qustion please: now I put in Squid of pfSense a private CA certificate...is it the same if I put a public CA certificate? Will I experience the same HTTPS behaviour related to Chrome and Firefox? Thanks a lot again. ROBERTO 2017-11-02