On 04/22/2013 10:36 AM, alex@xxxxxxxxxxxxx wrote: > This is working fine when using my self generated CA for signing the requests Let's call this CA "selfCA". > I want to get rid of the browser warning so I try to use a CA already > recognized in the browser, what should be possible following this ticket: > http://bugs.squid-cache.org/show_bug.cgi?id=3426 (already mentioned) You may have misinterpreted what that bug report says. The reporter placed his selfCA into the browser. The reporter did not use a CA certificate from a well-known CA root in his signing chain -- it is not possible to do that because you do not have the private key from that well-known root CA certificate. You should use selfCA as root CA of your signing chain and you have to place that selfCA in the browser. > If anyone has a running setup without importing the self-signed CA to all > browsers please let me know. It is not possible to bump traffic without importing your self-signed root CA into all browsers. If it were possible, SSL would have been useless. HTH, Alex.
