<div dir="ltr"><div dir="ltr"><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-ligatures:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">Greetings to the Squid community!</p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-ligatures:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">I would like to get the recommendation on how to configure Squid (latest version) with client SSL termination.</p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-ligatures:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">The requirement is to provide proxy access to the internet for the client who has no ability to install a custom CA certificate.</p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-ligatures:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">Following the documentation <a href="https://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection" rel="nofollow noreferrer" style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant-ligatures:inherit;font-variant-caps:inherit;font-variant-numeric:inherit;font-variant-alternates:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit">here</a>, it is possible to use HTTPS for the browser-proxy connection the same way as HTTP.</p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-ligatures:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">However, the only way to <a href="https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit" rel="nofollow noreferrer" style="margin:0px;padding:0px;border:0px;font-style:inherit;font-variant-ligatures:inherit;font-variant-caps:inherit;font-variant-numeric:inherit;font-variant-alternates:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:inherit;vertical-align:baseline;box-sizing:inherit">achieve that</a> is to use SSL Interception with self-signed CA certificate, which cannot work in my case.</p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-ligatures:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">Can someone please advise?</p><p style="margin:0px 0px 1em;padding:0px;border:0px;font-variant-ligatures:normal;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:15px;vertical-align:baseline;box-sizing:inherit;clear:both;color:rgb(36,39,41)">Thank you!</p></div></div>