Great, thanks. Don’t know why I didn’t think of it before but I’ll try elevating it from Login -> System keychain and see what happens. > On 16 Oct 2015, at 11:51 AM, Jason Haar <Jason_Haar@xxxxxxxxxxx> wrote: > > On 16/10/15 13:34, Dan Charlesworth wrote: >> Thanks! >> >> So ignoring the “bumpable” helper check, it’s effectively peeking at step1 and then bumping it like my config’s doing. >> >> I wonder what else could be differentiating it. Is your proxy CA just installed in the Login keychain? > > Nope - did it "properly" at the OS level. Get a PEM version of your > squidCA pubkey and as root do > > security add-trusted-cert -d -r trustRoot -p ssl -p smime -p IPSec -p > eap -p basic /path/squidCA.pem > /dev/null 2>&1 || true > certtool i "/path/squidCA.pem" k=/System/Library/Keychains/X509Anchors >> /dev/null 2>&1 || true > > The "ipsec/smime" stuff is actually not needed - but I don't care ;-) I > went for the carpet bombing approach for the Mac (which I don't know well) > > -- > Cheers > > Jason Haar > Corporate Information Security Manager, Trimble Navigation Ltd. > Phone: +1 408 481 8171 > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
