See: http://wiki.squid-cache.org/Features/SslBump
On Thu, Mar 18, 2010 at 11:54 AM, Sheahan, John <[email protected]> wrote: > If Squid is configured to use the "squid wildcard certificate", does this > mean that all of the HTTPS clients have to manually accept this certificate > in order to proxy HTTPS through squid? Same issues as with Blue Coat and "SSL Intercept". Some tunneled protocols and a few websites will fail when intercepted, so you must have provisions to make exceptions (e.g. "ssl_bump deny broken_sites") Generally you would have the clients pre-loaded with your private CA certificate, for MSIE you can do this by GPO, for some other browsers/OS you do have to manually load the CA certificate, once. Kevin
