On Monday 11 July 2016 at 23:07:06, HackXBack wrote: > Is there any news for using squid3 for caching https connections without > install certificates in client browser manually ? Yes, it's impossible. The client needs to see a server certificate signed by a trusted CA. If Squid is going to intercept (which I infer from your question) HTTPS connections, it has to present a certificate to the client which it has created on-the-fly for the destination server and which is acceptable to the client. To cerate such certificates on-the-fly, Squid needs to have a CA certificate and a private signing key, to create new certificates trusted by any client which trust that CA. If it were able to do that using any of the CA certificates already installed and trusted by standard clients, then Squid would be able to fake a certificate for (almost) any site on the Internet, thus destroying the HTTPS trust model. That ain't gonna happen. Therefore the only way to do HTTPS interception is to create a local CA and install that CA's certificate on all clients which need to use that Squid. The whole point is that HTTPS interception is a MITM "attack" (I use the term slightly loosely), and therefore no browser is going to let you get away with it lightly. Hope that helps, Antony. -- Tinned food was developed for the British Navy in 1813. The tin opener was not invented until 1858. Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users