How to make WhatsApp work with Squid

After I enable HTTPS filtering (SSL Bump) on Squid the WhatsApp client application stops working. Why?

The WhatsApp application uses SSL Certificate Pinning, it means the application knows what certificate to expect when accessing remote WhatsApp servers. When you enable SSL Bump of HTTPS connections Squid replaces the default certificate with a ‘mimicked’ one; the application detects that and refuses to function.

In order to exclude WhatsApp from HTTPS filtering add the following domain name to UI / Squid / Exclusions / Domain Name. Click ‘Save and Restart’ green button in the top right corner afterwards. These exclusions should work both in explicit proxy and WCCP transparent redirection deployment scenarios.

.whatsapp.com
.whatsapp.net