The method for SSL Mitm Proxying without browser warnings


Dear all,

I have enabled my proxy for transparent SSL MITM proxying. Traffic for
destination TCP 443 is DNAT'ed to localhost:8443 through iptables.
This part is working. I am able to browse Internet sites. For each
SSL site, the browser gives a MITM warning once. It should, of
course.
However, I want to learn how to remove any warning by manually
adding a certificate to the Trusted Key Store of Internet
Explorer or Firefox.

Squid conf param:
https_port 8443 cert=/etc/squid/certs/sslfilter.crt key=/etc/squid/certs/sslfilter.key protocol=https accel vhost defaultsite=google.com

The way I have created the certificate and key:

openssl genrsa -rand \
  /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime \
  1024 > /etc/squid/certs/sslfilter.key

cat << EOF | openssl req -new -key /etc/squid/certs/sslfilter.key \
  -x509 -days 1825 -out /etc/squid/certs/sslfilter.crt
TR
ANK
Ankara
Info
Customer IT
SSL Filtering Proxy
support@domain
EOF


Regards,

--
Oguz YILMAZ
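
Added example, not part of the original post: shell functions for inspecting a proxy certificate before it is imported into a browser trust store, reporting key size, fingerprint, whether it is self-issued, and whether its names cover a given site. The function names and the throwaway sample certificate (built non-interactively with -subj from the subject fields in the post) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: checks on a proxy certificate before trusting it.

# Public key size in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# SHA-256 fingerprint, to compare on the client before importing the file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Subject common name.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/.*CN=\([^,]*\).*/\1/'
}

# Succeeds if subject and issuer names are identical (self-issued).
cert_is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Succeeds only if the certificate's names cover the given hostname.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Constructed sample: same subject fields and key size as in the post.
make_sample_cert() {
    openssl genrsa -out "$1/sslfilter.key" 1024 2>/dev/null
    openssl req -new -x509 -days 1825 -key "$1/sslfilter.key" \
        -out "$1/sslfilter.crt" 2>/dev/null \
        -subj '/C=TR/ST=ANK/L=Ankara/O=Info/OU=Customer IT/CN=SSL Filtering Proxy/emailAddress=support@domain'
}

# Run the checks on a throwaway copy; google.com is the defaultsite above.
tmpdir=$(mktemp -d) && make_sample_cert "$tmpdir"
crt="$tmpdir/sslfilter.crt"
echo "key bits:    $(cert_key_bits "$crt")"
echo "common name: $(cert_cn "$crt")"
echo "sha256:      $(cert_fingerprint "$crt")"
cert_is_self_issued "$crt" && echo "self-issued: yes"
cert_matches_host "$crt" google.com || echo "name check:  does NOT cover google.com"
rm -rf "$tmpdir"
```

Trusting a certificate only settles the issuer check; browsers separately compare the site hostname with the names in the certificate, which is what the last check reports.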

