• 0 Votes
    10 Posts
    893 Views
    JonathanLeeJ

    Update: Set your SSH on the wpad to only allow access during business hours. This can be done with PAM.

    Edit the following file:

    /etc/security/time.conf

    add:

    sshd;*;*;AL0500-2300

    Meaning I can only ssh into my wpad during 5-2300.

    After that, adapt /etc/ssh/sshd_config

    Make sure your ListenAddress is the IP of the wpad, and set your AllowUsers to your login.

    Example

    # change port if needed
    Port 8085
    # IPv4 only
    AddressFamily inet
    # address of wpad
    ListenAddress 192.168.1.6
    # any device that is 192.168.1.X
    AllowUsers Jonathan@192.168.1.*

    Change

    # no ssh login for root
    PermitRootLogin no
    # turn on pam for use with time restrictions
    UsePAM yes

    After that, adapt
    /etc/passwd

    For added security, also change your login to use the shell rbash and lock down the wpad.

    Also, if you use IPv6 and IPv4 you will have a race condition and sshd will not start on reboots; you must also adapt:

    sudo -i systemctl edit --full sshd.service

    Under [Unit] add:

    Requires=network-online.target
    After=network-online.target

    This will only start sshd once the network target is running, in my example 192.168.1.6. I also have IPv6 running, so it would cause issues unless I changed this. If you do not use IPv4, forget about this.

  • Squid V6.10

    Cache/Proxy
    32
    1 Votes
    32 Posts
    3k Views
    B

    @michmoor
    Yes, it works for them, unfortunately only there :(

  • 0 Votes
    16 Posts
    3k Views
    JonathanLeeJ

    @jdb67 You might also try emailing the Squid users support email to get Squid help. They are very helpful; sometimes the original code writers chime in and help users.

    squid-users@lists.squid-cache.org

    FYI: You will have to register your email and wait for approval before you can send out an email to everyone on this, however.

  • connection is not private when using Chrome

    Cache/Proxy
    3
    0 Votes
    3 Posts
    1k Views
    GertjanG

    @karimhaydar31 said in connection is not private when using Chrome:

    X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN

    The certificate is valid, but not co-signed by one of the major players, like Verisign etc. See here for a list.

    The thing is, your browser only accepts (and stays silent about) certificates if they were co- or root-signed by one of the authorities that are on 'the list' (in your device).
    You could actually empty this list, and your browser would not even trust https://www.micirostf.com any more.

    So, the easiest thing to do is: export the certificate that is being used by the Webconfigurator, and import it into your browser / OS.
    Now your browser / OS will trust it, and no more errors. That's all it takes!

    You could also get your hands on a certificate that is trusted out of the box.
    A trusted certificate is free.
    Example: if these are your general settings:

    [screenshot of the general settings]

    and you actually own, or rent, the some-domain.tld domain name, you could obtain a certificate for *.some-domain.tld for free.
    The pfSense package "acme" is all about that functionality.
    Again: the certificate will be free, the domain name will cost some money.

  • website not browsing properly in squid

    Cache/Proxy
    1
    0 Votes
    1 Posts
    368 Views
    No one has replied