Why does Apple AppStore not work with SSL Bump?

After I enable HTTPS filtering (SSL Bump) on Squid, the Apple AppStore stops working on iPhone / iPad / macOS. Why?

The AppStore application on iPhone, iPad and macOS uses SSL certificate pinning: the application knows which certificate to expect when it connects to AppStore. When you enable SSL Bump for HTTPS connections, Squid replaces the server's original certificate with a ‘mimicked’ one; the application detects the mismatch and refuses to function.

To exclude AppStore from HTTPS filtering, add the following domain names to UI / Squid / Exclusions / Domain Name, then click the green ‘Save and Restart’ button in the top right corner. These exclusions should work in both explicit proxy and WCCP transparent redirection deployment scenarios.

.apple.com
.cdn-apple.com
.icloud.com
.icloud-content.com
.itunes.com
.mzstatic.com
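
An added example (not part of the original page or the product): a Python check that reads CONNECT hostnames from a Squid access.log and reports which ones the exclusion list above covers, useful when AppStore still fails after the exclusions are saved. The log lines are constructed, only the CONNECT host is read from them, and the leading-dot matching rule is an assumption modelled on Squid's domain ACLs.

```python
import re

# Exclusion list from the page. Assumption: a leading dot covers the domain
# itself and every subdomain, as in Squid's dstdomain-style ACLs.
EXCLUSIONS = [".apple.com", ".cdn-apple.com", ".icloud.com",
              ".icloud-content.com", ".itunes.com", ".mzstatic.com"]

# Constructed sample in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1700000001.101    210 10.0.0.15 TCP_TUNNEL/200 5120 CONNECT itunes.apple.com:443 - HIER_DIRECT/192.0.2.10 -
1700000002.340    180 10.0.0.15 TCP_TUNNEL/200 9800 CONNECT img.mzstatic.com:443 - HIER_DIRECT/192.0.2.11 -
1700000003.015     95 10.0.0.15 TCP_TUNNEL/200 4300 CONNECT p01.icloud-content.com:443 - HIER_DIRECT/192.0.2.12 -
1700000003.900     60 10.0.0.15 TCP_TUNNEL/200 1200 CONNECT icloud.com:443 - HIER_DIRECT/192.0.2.13 -
1700000004.120     75 10.0.0.15 TCP_TUNNEL/200 2100 CONNECT apple.com.example.net:443 - HIER_DIRECT/192.0.2.14 -
1700000005.480     40 10.0.0.15 TCP_TUNNEL/200 3300 CONNECT www.example.org:443 - HIER_DIRECT/192.0.2.15 -
1700000006.002     12 10.0.0.15 TCP_MISS/200 830 GET http://www.example.org/ - HIER_DIRECT/192.0.2.15 text/html
"""

# Host part of "CONNECT host:port"; non-CONNECT requests are ignored.
CONNECT_RE = re.compile(r"\sCONNECT\s+([^\s:]+):\d+\s")

def is_excluded(host, patterns=EXCLUSIONS):
    """True if host is covered by one of the exclusion patterns."""
    host = host.lower().rstrip(".")
    for pattern in patterns:
        pattern = pattern.lower()
        if pattern.startswith("."):
            # ".apple.com" matches "apple.com" and "x.apple.com", but not
            # "notapple.com" or "apple.com.example.net".
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False

def audit(log_text, patterns=EXCLUSIONS):
    """Split the CONNECT hosts in a log into excluded and still-bumped sets."""
    hosts = {m.group(1).lower() for m in CONNECT_RE.finditer(log_text)}
    return {
        "excluded": sorted(h for h in hosts if is_excluded(h, patterns)),
        "bumped": sorted(h for h in hosts if not is_excluded(h, patterns)),
    }

if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    print("Excluded from SSL Bump:", result["excluded"])
    print("Still bumped:", result["bumped"])
```

Any Apple-related hostname that shows up under "Still bumped" for a failing device is a candidate for the exclusion list.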