On Tuesday 05 May 2020 at 12:21:19, mariolatif741 wrote: > The purpose of proxy A is that its the proxy that will be given to my > clients. The purpose of all what I am doing is to let my clients use proxy > B indirectly through proxy A (so they can use proxy B without installing > the CA certificate) Won't work. If you are doing HTTPS / SSL / TLS interception *at any point* in the chain between the client and the real server, then the machine doing the interception is going to have to generate a fake certificate for what it sends back to the client (no matter whether that passes through an intermediate proxy or not), therefore the client needs to have the fake CA certificate installed in order to trust what it receives. There is no way for the client to get the "real" certificate from the "real" server if a machine in between intercepts and decrypts the communication. If there were, TLS security would be meaningless. Regards, Antony. -- "Measuring average network latency is about as useful as measuring the mean temperature of patients in a hospital." - Stéphane Bortzmeyer Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users