You can leave your hat on, apmailist! You are asking about man-in-the-middle ( mitm ) technique for proxying. Squid is known to be uncapable of this: it does not parse the SSL requests. It can proxify them as a vanilla sockets via the HTTP CONNECT method. I use to implement sich a thing for myself with a set of methods, but the common choice is: cgi kind of the proxy that is running on the hosting and the specialized software capable of mitm for https, like the nginx For the first case, you should dig into the corresponding libraries, like Net::SSLeay in the case you cgiproxy is made in perl. I myself even not sure if Net::SSLeay is capable to verify SSL via the CAs list. Probably Curl handles this better. For the second case, I've already requested this as a feature for nginx. ( I did not request x.509 pki feature yet though; only the CAs and CRLs lists to be possible to supply for nginx's proxy_pass directive ). But anyway: nginx isn't about to support the CONNECT method like squid does. So you may want to use the squid with the fake resolver to be able to use your nginx as an https mitm proxy ;-) You may find such a code helpful for this: http://gitweb.vereshagin.org/fcgiproxy There are the config samples somewhere inside. 2010/05/18 15:40:31 +0200 apmailist@xxxxxxx => To squid-users@xxxxxxxxxxxxxxx : > Hello, > > I'm about to ask a daft question, maybe. > Several proxy clients Will need to access a website that requires a > client certificate. In order to avoid deploying this certificate on > each client, we would like to install the certificate on squid so it > can pass it to the web server. > Is this technically possible ? > This is maybe a security breach. > All the info I found relate to certificates and reverse proxies. > > Thank you > > Andrew 73! Peter pgp: A0E26627 (4A42 6841 2871 5EA7 52AB 12F8 0CE1 4AAC A0E2 6627) -- http://vereshagin.org