Yes it was add to the Windows cert store. (Tools > Options > Content > Certiifcates > Trusted Root Certification Authorities). Not all all HTTPS websites cause errors either, e..g https://www.credit-suisse.com is fine. Sean On 2 December 2011 15:03, Guy Helmer <guy.helmer@xxxxxxxxxxxxxxxxxxx> wrote: > > On Dec 2, 2011, at 3:52 AM, Sean Boran wrote: > > > Hi, > > > > I'm testing squid v3 with SSL interception (the interception is to do > > AV checking with icap) in routing mode. > > Sslbump/dynamic certs are configured. A self-signed cert is used on > > the proxy, and installed as a ca on browsers. > > > > https to several sites (such as Gmail.com boi.com) works with FF > > (although FF is initially much slower); but gives errors in IE9 > > "Internet Explorer blocked this website from displaying content with > > security certificate errors" > > > > Clicking on the lock icon shows the certificate with name > > accounts.google.com and signed by myproxy.com, which is fine. So why > > is IE not happy? > > > > In the squid logs: > > NONE/000 0 CONNECT accounts.google.com:443 - HIER_NONE/- - > > TCP_MISS/200 9497 GET https://accounts.google.com/ServiceLogin? - > > HIER_DIRECT/209.85.148.84 text/html > > NONE/000 0 CONNECT ssl.google-analytics.com:443 - HIER_NONE/- - > > NONE/000 0 CONNECT mail.google.com:443 - HIER_NONE/- - > > NONE/000 0 CONNECT ssl.gstatic.com:443 - HIER_NONE/- - > > TCP_MISS/200 1301 POST > > http://safebrowsing.clients.google.com/safebrowsing/downloads > > > > Is IE9 fussier that other browsers regarding SSL? > > > > > > Any tips/best practices to get SSL interception running smoothly ? :-) > > > > Thanks, > > > > Sean > > I believe Firefox uses its own certificate store while IE uses the Windows certificate store. Was the self-signed cert added to the Windows cert store? > > Guy-------- > This message has been scanned by ComplianceSafe, powered by Palisade's PacketSure.
