<table style="width: 99.8%; "><tbody><tr><td id="QQMAILSTATIONERY" style="background:url(https://rescdn.qqmail.com/zh_CN/htmledition/images/xinzhi/bg/a_02.jpg) no-repeat #fffaf6; min-height:550px; padding:100px 55px 200px 100px; "><span class="tgt" data-group="0-0" style="box-sizing: border-box; line-height: 20px; color: rgb(46, 48, 51); font-family: Arial, 'Microsoft YaHei', ΢ÈíÑźÚ, ËÎÌå, 'Malgun Gothic', Meiryo, sans-serif; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(238, 240, 242);"></span><span class="tgt highlight" data-group="0-1" style="box-sizing: border-box; line-height: 20px; background-color: rgb(238, 238, 238); color: rgb(51, 133, 255); font-family: Arial, 'Microsoft YaHei', ΢ÈíÑźÚ, ËÎÌå, 'Malgun Gothic', Meiryo, sans-serif; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-position: initial initial; background-repeat: initial initial;"></span> i use squid 3.5.27 as a transparent proxy. With the proxy , i access some https websites like <a href="http://www.hupu.com" target="_blank">www.hupu.com</a>. But the webpage does not show correctly. There are some websizes similar such as <a href="https://www.zhihu.com" target="_blank">https://www.<wbr>zhihu.com</a> , <a href="https://www.jd.com/" target="_blank">https://www.<wbr>jd.com/</a> . So i want to know where problem is or how to deal with it.<br><br><div id="gt-res-dir-ctr" dir="ltr"><span id="result_box" class="" lang="en"><span class="">The webpage remind like" s1.hdslb.com used an invalid security certificate.</span> <span class="">This
certificate is valid for the following domain names only: *
.zhaopin.com, * .zhaopin.cn, * .dpfile.com, * .cdn.myqcloud.com, *
.sogoucdn.</span> <span class="">SSL error code: SSL_ERROR_BAD_CERT_DOMAIN "</span></span></div><div dir="ltr"><span id="result_box" class="" lang="en"><span class=""><br></span></span></div><div dir="ltr"><span id="result_box" class="" lang="en"><span class="">how can i send a screenshot to explain?<br></span></span></div>Here is my configure<br># Recommended minimum configuration:<br>#<br><br># Example rule allowing access from your local networks.<br># Adapt to list your (internal) IP networks from where browsing<br># should be allowed<br>acl localnet src 10.0.0.0/8 # RFC1918 possible internal network<br>acl localnet src 172.16.0.0/12 # RFC1918 possible internal network<br>acl localnet src 192.168.0.0/16 # RFC1918 possible internal network<br>acl localnet src fc00::/7 # RFC 4193 local private network range<br>acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines<br><br>acl SSL_ports port 443<br>acl Safe_ports port 80 # http<br>acl Safe_ports port 21 # ftp<br>acl Safe_ports port 443 # https<br>acl Safe_ports port 70 # gopher<br>acl Safe_ports port 210 # wais<br>acl Safe_ports port 1025-65535 # unregistered ports<br>acl Safe_ports port 280 # http-mgmt<br>acl Safe_ports port 488 # gss-http<br>acl Safe_ports port 591 # filemaker<br>acl Safe_ports port 777 # multiling http<br>acl CONNECT method CONNECT<br><br>#<br># Recommended minimum Access Permission configuration:<br>#<br># Deny requests to certain unsafe ports<br>http_access deny !Safe_ports<br><br># Deny CONNECT to other than secure SSL ports<br>http_access deny CONNECT !SSL_ports<br># Only allow cachemgr access from localhost<br>http_access allow localhost manager<br>http_access deny manager<br>http_access allow all<br><br># We strongly recommend the following be uncommented to protect innocent<br># web applications running on the proxy server who think the only<br># one who can access services on "localhost" is a local user<br>#http_access deny to_localhost<br><br>#<br># INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS<br>#<br><br># Example rule allowing access from your local networks.<br># Adapt localnet in the ACL section to list your (internal) IP networks<br># from where browsing should be allowed<br>http_access allow localnet<br>http_access allow localhost<br>acl NCACHE method GET<br>no_cache deny NCACHE<br><br># And finally deny all other access to this proxy<br>request_header_access Via deny all #hide squid header<br>request_header_access X-Forwarded-For deny all #hide squid header<br>#request_timeout 2 minutes #client request timeout<br><br># Squid normally listens to port 3128<br>http_port 3120<br><br>http_port 3128 intercept<br><br>https_port 192.168.51.115:3129 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem key=/usr/local/squid/ssl_cert/myCA.pem<br>always_direct allow all<br>ssl_bump server-first all<br>acl ssl_step1 at_step SslBump1<br>acl ssl_step2 at_step SslBump2<br>acl ssl_step3 at_step SslBump3<br>ssl_bump peek ssl_step1<br>ssl_bump splice all<br><br>sslproxy_version 0<br>sslproxy_cert_error allow all<br>sslproxy_flags DONT_VERIFY_PEER<br><br>sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/lib/ssl_db -M 4MB<br>sslcrtd_children 8 startup=1 idle=1<br><br>#Uncomment and adjust the following to add a disk cache directory.<br>cache_dir ufs /usr/local/squid/var/cache/squid 4096 16 256<br>minimum_object_size 0 KB<br>maximum_object_size 4096 KB<br>ipcache_size 1024 MB<br>ipcache_low 70<br>ipcache_high 95<br>fqdncache_size 1024 MB<br>cache_mem 1024 MB<br>cache_swap_low 90<br>cache_swap_high 95<br><br><br># Leave coredumps in the first cache dir<br>coredump_dir /usr/local/squid/var/cache/squid<br><br><br><br><br><br></td></tr></tbody></table>