See: http://wiki.squid-cache.org/Features/SslBump

On Thu, Mar 18, 2010 at 11:54 AM, Sheahan, John <John.Sheahan@xxxxxxxxxxxxx> wrote:
> If Squid is configured to use the "squid wildcard certificate", does this mean that all of the HTTPS clients have to manually accept this certificate in order to proxy HTTPS through squid?

Same issues as with Blue Coat and "SSL Intercept".

Some tunneled protocols and a few websites will fail when intercepted, so you must have provisions to make exceptions (e.g. "ssl_bump deny broken_sites").

Generally you would have the clients pre-loaded with your private CA certificate; for MSIE you can do this by GPO, for some other browsers/OS you do have to manually load the CA certificate, once.

Kevin