Hi,

I'm trying to intercept and proxy https traffic using squid 3.5.15 running on a Linux machine [Ubuntu], which is configured as a router. However, with the squid configuration below, the browsers on the client machine are able to identify that there is a “man in the middle” and never give me an option to accept the certificate generated by squid. Can someone please review the configuration and let me know what I'm missing:

cat squid.conf

sslcrtd_program /home/crmanik/squid/squid-3.5.15-20160330-r14015/libexec/ssl_crtd -s /home/crmanik/tmp/squid/ssl_db -M 4MB
http_port 3128
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/home/crmanik/tmp/squid/certs/server.key cert=/home/crmanik/tmp/squid/certs/server.crt
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
### New config ends
sslproxy_capath /etc/ssl/certs
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
access_log /home/crmanik/tmp/squid/log/access.log
cache_log /home/crmanik/tmp/squid/log/cache.log
cache_store_log /home/crmanik/tmp/squid/log/store.log
logfile_rotate 0

===============================================
Squid Compile Option:

Squid Configure Options:
Squid Cache: Version 3.5.15-20160330-r14015
Service Name: squid
configure options: '--disable-dependency-tracking' '--disable-silent-rules' '--enable-inline' '--enable-async-io=8' '--enable-follow-x-forwarded-for' '--enable-linux-netfilter' 'CFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security' '--with-openssl' '--prefix=/home/crmanik/squid/squid-3.5.15-20160330-r14015' '--enable-ssl-crtd' --enable-ltdl-convenience

================================================
iptable Configuration:
crmanik@crmanik-HP-Z600-Workstation:~/squid/squid-3.5.15-20160330-r14015$ sudo iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 31983 packets, 4632K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  br-lan *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128
  500 30000 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128
 1368 82080 REDIRECT   tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 redir ports 3130

Chain INPUT (policy ACCEPT 32548 packets, 4662K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5409 packets, 339K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 1293 packets, 83596 bytes)
 pkts bytes target     prot opt in     out     source               destination
24520 1537K MASQUERADE all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Unable-to-Proxy-https-traffic-using-squid-tp4676981.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users