Hi Amos,

I found the problem and now it works. Thanks for all your help.

I'm posting this for two reasons:

1. I want to get your feedback if the problem is a bug in squid or a problem in the way I configured it.
2. For other squid users that have tried to forward proxy an https portal that is run on tomcat and have failed as I have.

Just to recap: I'm using squid as a forward proxy for both http and https sites, and the decrypted data is relayed to an icap service where I process the data. I've configured squid with ssl-bump as shown in the post above and it works for all sites that I've tried except my own portal that I run on tomcat.

The reason for this was that all sites' ssl CONNECT work via port 443 while tomcat's default port is 8443. When I changed my tomcat to work via 443 it started working.

Below is all configuration and preparation: keys/certs, squid.conf, etc.

squid.conf (only relevant part):

    http_port 3128 ssl-bump key=squidkey.pem cert=squidcert.pem
    ssl_bump allow all
    sslproxy_cafile /root/security/CA/certs/cacert.pem

From OpenSSL's library use script CA.sh; make sure to configure openssl.cnf and the path in the script to match.

    CA.sh -newca
    openssl x509 -in CA/certs/cacert.pem -inform PEM -out ca.cert -outform DER

Tomcat configuration:

    keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.jks
    keytool -certreq -keyalg RSA -alias tomcat -file tomcat.csr -keystore tomcat.jks
    openssl ca -in tomcat.csr -notext -out tomcat.cert
    keytool -import -alias myca -keystore tomcat.jks -file ca.cert
    keytool -import -alias tomcat -keystore tomcat.jks -file tomcat.cert

Squid key/cert:

    openssl req -newkey rsa:1024 -keyout squidkey.pem -keyform PEM -out squidreq.pem -outform PEM -nodes
    openssl ca -in squidreq.pem -notext -out squidcert.pem