Squid allows the use of https_port to specify a port that it will accept proxy requests over SSL.

An example is as follows in the squid.conf file:

https_port 8123 cert=/etc/pki/tls/private/squid.pem

I am using port 8123 as it is already a port allowed under the default SELinux installation on Red Hat Enterprise Linux. The cert instruction is the path to the SSL cert in PEM format. If you do not specify the key Squid assumes it is bundled in the SSL cert PEM file.

Don’t forget to open the firewall port.

At present Firefox and Chrome support connecting to the squid proxy over SSL, though one must use a pac file at the moment rather than the internal application settings.

An example pac file looks like:

cat /var/www/html/wpad.pac
function FindProxyForURL(url, host) {
return “HTTPS proxy.example.com:8123;”

You can then stick the pac file on a friendly web server or on your local file system and point the web browser in the configuration settings.

You can also launch chrome from the command line on mac with the following settings:

open ./Google\ Chrome.app  –args –proxy-server=https://proxy.example.com:8123

Windows will take similar settings details here:


Check your proxy logs to ensure that the proxy is functioning.

PLEASE NOTE: Chrome and Firefox will not take the secure proxy settings in their application configuration settings. They require the use of a proxy.pac / wpad.dat file to function. If you configure the secure proxy in the application settings the web browser will fail to connect and throw an error.