Hello Robert, Just my two cents - if you remove or comment out the sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER
from squid config - may it be that squid starts complaining - "cannot get cert issues locally" on the google sites? Rafael. From: Robert Watson <rob...@gillecaluim.com<mailto:rob...@gillecaluim.com>> Date: Sunday 5 October 2014 02:29 To: "squid-users@lists.squid-cache.org<mailto:squid-users@lists.squid-cache.org>" <squid-users@lists.squid-cache.org<mailto:squid-users@lists.squid-cache.org>> Subject: [squid-users] transparent proxy https and self signed certificate error using squid 3.4.8, compiled from source with ./configure flags --enable-icap-client --enable-ssl --enable-ssl-crtd configured iptables for transparent proxy (redirect 80 to 3128) and everything works fine configured iptables for transparent proxy (redirect 443 to 3127) but can't get transparent proxy for https to work my squid.conf ... # Squid https port https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/XXX.pem acl broken_sites dstdomain .example.com<http://example.com> ssl_bump none localhost ssl_bump none broken_sites ssl_bump server-first all sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB sslcrtd_children 32 startup=5 idle=1 when visiting google (or any other https site) chrome complains NET::ERR_CERT_AUTHORITY_INVALID I tried using internet explorer as admin and imported the self signed certificate but that hasn't helped can anyone please with how to debug this thanks, Robert
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
