The config looks good, as long as you configure your browsers to use port 3127 for HTTPS. You don't need the example broken_sites acl, but it is also harmless. Please open the Firefox settings and go to Advanced - Certificates - View certificates. A new window will appear. Click the Authorities tab and search for the Squid certificate. If it does not appear in the list, you have the answer. It is also the most common cause of "Untrusted certificate" errors, although not the only possible one. BTW, I would recommend you to specify the "-config /etc/openssl.cnf" parameter to openssl when creating the certificate, and to edit /etc/openssl.cnf to adjust some settings, like the key length. Please provide more details about which certificate errors you get; otherwise it's hard to know what's wrong. Regards, Victor El Viernes, 22 de noviembre de 2013 05:37:51 iishiii escribió: > I tried to import the certificate .... but not sure it was correct or not > ...i am using chrome ...firfox ...EI10 for testing ... the following is my > setting .... > > http_port 3128 intercept > https_port 3127 intercept ssl-bump generate-host-certificates=on > dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem > acl broken_sites dstdomain .example.com > ssl_bump none localhost > ssl_bump none broken_sites > ssl_bump server-first all > sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s > /usr/local/squid/var/lib/ssl_db -M 4MB > sslcrtd_children 5 > > i followed the procedure of this tutorial > http://pen-testing-lab.blogspot.com/ > > Please guide me by steps how you done get it working please > > > > -- > View this message in context: > http://squid-web-proxy-cache.1019090.n4.nabble.com/anyOne-who-has-working-s > sl-bump-configuration-for-facebook-tp4663452p4663454.html Sent from the > Squid - Users mailing list archive at Nabble.com. RSVP: "State of the Backup Appliance Market" webinar featuring leading analyst firm IDC. Tuesday, November 19, 10am PST. Register at http://www.barracuda.com/idcwebinar.