Squid SSL intercept works for most google sites but not www.google.com

Craig asked:

I am able to access pretty much all of Google’s .co.uk services now that I have configured squid to use SSL. I can also view my certificate information in the certificate being presented by Google. However, if I navigate to www.google.com, I get a ERR_CERT_INVALID being reported by Chrome. Why does it work for some but not others?

My answer:

Google Chrome treats google.com and some related domains specially. As mentioned in its Root Certificate Policy:

Chrome has extra checks built in for accessing Google sites, and displayed a warning to the user.

SSL bump is supposed to work properly if you have imported Squid’s CA certificate into Google Chrome or the operating system’s store. On Windows, certificates should be imported into Trusted Root Certification Authorities; there are special instructions for the Chromebook.

If this doesn’t work, you have probably run into a bug in Google Chrome, but you should double check that squid’s root certificate was imported correctly.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.