Hi, change from server-first to client-first; and your issue is gone; Walter On Mon, May 12, 2014 08:41, Tom Holder wrote: > Hi Amos, > > Thanks for that. Yes I understand the legalities, this isn't to > 'forge' anything. The users are well aware they're not looking at the > real sites. > > The CA will be installed on their systems and they will have to agree > to it. The issue is that the browser is complaining that the CN does > not match because my local web server that represents ANY site has a > catch all CN. Therefore I'm trying to determine a way to generate the > correct CN before Squid tries to bump the SSL so that the CN is nearly > correct. > > The certificates I generate don't need to look like the original > because I'm not trying to trick anyone, they just need not to error in > the browser. > > Thanks, > Tom
