Hi, I've configured Squid 3 with SSL bump and dynamic SSL generation and it works really well when I use it for just browsing the Internet. My problem is I'm trying to 'mimic' a live web site and the server Squid is on does not have access to the live Internet. E.g. site1.com doesn't actually go to site1.com on the live Internet I'm redirecting it to a local version of site1.com The problem is dynamic SSL generation and SSL Bump requires connecting to the real site1.com to grab the certificate. When it tries to connect to my local site1.com there is just a generic SSL I've generated with the wrong common name and this causes the browser to throw an SSL error. Note, I'm not trying to do this for anything dodgy here, the custom CA is installed in to the end user's computer and this is not a transparent proxy, it's only because the common name isn't matching that I'm getting issues. The only way around this I can think of without hacking squid (a possibility but my C++ is poor), is to build something that hooks in to the rewrite connect method to generate a certificate myself, load it in to the web server and then my own local site1.com will have a correct cert. Has anyone had a similar issue or managed to solve this? I might have missed something in the docs but I don't think so and I realise this is a bit of a strange request. Thanks Tom
