Steven.Glogger@xxxxxxxxxxxx wrote:
hi all

i've tried to google around for this topic and to search the archives the last 2 hours, but it seems i'm not able to solve the problem.

my issue is this: i'm using a transparent proxy (squid 3.0) to regulate internet access. my server (freebsd 7.2) is forwarding all http AND https traffic to a squid (compiled with transparent option), but using ipfw:

add 15000 fwd 127.0.0.1,3128 tcp from table(10) to any 80,8080 recv xl0 keep-state
add 15001 fwd 127.0.0.1,3129 tcp from table(10) to any 443 recv xl0 keep-state

squid is listening on 3128 for http and 3129 for https.

this works perfect and my users can surf normally the internet, also websites with SSL are working (getting an error of the SSL, because the certificate does not really match). but anyway. i've attached my squid.conf for reference.

but anyway, testing apple updates -> no problem. trying to update windows -> error. i get error 0x80072F8F complaining about the date/time of the update certificate.

is there a way to solve my problems? i've tried using no-cache, allow_direct, etc.. and I failed.

-steven

Welcome to the world of security protection against man-in-middle attacks (the correct name for 'transparent' interception proxy mode).
Windows Update requires an HTTPS authentication request to succeed before it will update. The authenticator unconditionally verifies the security certificates, as all good browsers and web clients should also be doing.
... catch my drift?

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
  Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1