Ssl – https proxying with squid and local CA produced site certificates

squid, ssl, ssl-certificate

At the moment I redirect http(443) requests into a Squid-configured https_port. It works as expected. It terminates the SSL connection with the SSL certificate installed in Squid and then proxies the traffic.

In this setup, end users get illegal certificate errors, of course.

I want to establish a local CA and install the public certificate of this local CA on end-user client PCs. Squid should get the target domain name and create an SSL certificate for that target domain in the local CA on the fly. Because I installed the CA public certificate in Trusted Root Certificate Authorities on the client PC, client IE will not give any errors, will trust the site certificate, and will provide real transparent https proxying.

An open source tool, imspector, does the same setup successfully for another aim.

I am trying to find a way of implementing such a setup with Squid, and I need your kind comments.
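
The certificate step the question describes, done by hand with the `openssl` CLI, as an added example that is not part of the original post: a local root CA signs a leaf certificate for one requested host name, and the leaf is then checked against that root the way a client that trusts the CA would. The CA name `example-local-ca`, the host names and the file layout are constructed placeholders.

```shell
# Added example: local CA issuing a per-host certificate (all names are placeholders).

# issue_leaf <workdir> <hostname>: create the local CA once, then sign a leaf for <hostname>.
issue_leaf() {
  dir=$1; host=$2
  mkdir -p "$dir" || return 1
  # Minimal config so the root is marked as a CA on every OpenSSL version.
  printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
    '[dn]' 'commonName = Common Name' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
    'keyUsage = critical,keyCertSign,cRLSign' > "$dir/ca.cnf"
  # 1. Self-signed root. ca.crt is the only file clients import as trusted;
  #    ca.key can sign a certificate for any name, so it never leaves the proxy host.
  if [ ! -f "$dir/ca.crt" ]; then
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
      -subj "/CN=example-local-ca" \
      -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key"
  fi
  # 2. Fresh key and signing request for the requested host.
  openssl req -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
  # 3. Leaf extensions: clients match the host against subjectAltName, and
  #    CA:FALSE stops the leaf from being used to sign further certificates.
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
    "$host" > "$dir/$host.ext"
  # 4. Sign the request with the local CA (short lifetime for a generated leaf).
  openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$dir/$host.ext" \
    -out "$dir/$host.crt" 2>/dev/null || return 1
}

# leaf_trusted <workdir> <cert-host> <name>: succeeds only if the leaf issued for
# <cert-host> chains to the local CA and is valid for <name>.
leaf_trusted() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}
```

Calling `issue_leaf ./pki www.example.test` writes `ca.crt`, `ca.key` and the leaf files under `./pki`; a proxy that generates certificates on the fly repeats steps 2 to 4 for each host name it sees.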