I suppose so. Was hoping for a more "magical" solution that would just work. -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: 17 April 2012 11:21 To: squid-users@xxxxxxxxxxxxxxx Subject: Re: squid 3.2.0.17 + transparent + sslbump On 17/04/2012 10:16 p.m., Daniel Niasoff wrote: > Thanks Ahmed, > > That worked, well sort of anyway. > > Squid is now successfully transparently intercepting SSL but as stated on the wiki, certificate rewrite doesn't work. > > So I guess the only real solution is explicit proxy. > > I tried to play around with WPAD + PAC but that is only useful when PCs are on a corporate network with centrally managed DNS/DHCP. > > My clients are home users with their own broadband routers which manage their own DHCP. > > So any ideas what I can do if I want to set up a proxy service for SSL with minimum effort required from users and no control of DHCP? You can publish the details of your proxy and PAC file, encouraging them to make use of it for faster Internet. Amos