diff --git a/.drone/drone-home.jsonnet b/.drone/drone-home.jsonnet
index 7eb4ee8..ef1c4e7 100644
--- a/.drone/drone-home.jsonnet
+++ b/.drone/drone-home.jsonnet
@@ -83,8 +83,8 @@ local publicSecrets = import 'lib/public-secrets.libsonnet';
 'set -e',
 "docker network prune -f",
 "cd /stack/squid/myCA",
- 'openssl genrsa -out CA_key.pem 2048',
- 'openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf -subj "/C=US/ST=California/L=Mountain View/O=Google/OU=Enterprise/CN=MyCA"',
+ //'openssl genrsa -out CA_key.pem 2048',
+ //'openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf -subj "/C=US/ST=California/L=Mountain View/O=Google/OU=Enterprise/CN=MyCA"',
 'cd ..',
 "docker stack rm squid",
 "sleep 60",
diff --git a/.drone/drone-home.yml b/.drone/drone-home.yml
index 3cc0611..06ee2c2 100644
--- a/.drone/drone-home.yml
+++ b/.drone/drone-home.yml
@@ -50,8 +50,6 @@ steps:
 - set -e
 - docker network prune -f
 - cd /stack/squid/myCA
- - openssl genrsa -out CA_key.pem 2048
- - openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf -subj "/C=US/ST=California/L=Mountain View/O=Google/OU=Enterprise/CN=MyCA"
 - cd ..
 - docker stack rm squid
 - sleep 60
diff --git a/docker-compose.yml b/docker-compose.yml
index 97251be..ffeb08d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,6 +15,7 @@ services:
 - ./myCA/CA_key.pem:/apps/CA_key.pem
 ports:
 - 3128:3128
+ - 3129:3129
 networks:
 - appnet
 - externalnet
diff --git a/docker/squid.intercept.conf b/docker/squid.intercept.conf
index 06f5e2e..440d04e 100644
--- a/docker/squid.intercept.conf
+++ b/docker/squid.intercept.conf
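Review bot: In .drone/drone-home.jsonnet the two `openssl` steps are commented out, so the deploy now depends on a `CA_key.pem`/`CA_crt.pem` pair already sitting in `/stack/squid/myCA`, and none of the visible commands checks that the pair exists or that the certificate is still within its validity period. I would delete the commented lines (the .drone/drone-home.yml hunk already drops them) and put a guard in their place, `'test -s CA_key.pem && test -s CA_crt.pem',` followed by `'openssl x509 -checkend 2592000 -noout -in CA_crt.pem',`, so that under `set -e` the step fails before `docker stack rm squid` takes the proxy down. Because the signing key is now long-lived instead of being regenerated on each run, its rotation and file permissions have to be handled somewhere outside this pipeline, and a one-line comment saying where would help. The commands array starts and ends outside the hunk.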
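Review bot: The added `- 3129:3129` in docker-compose.yml publishes the new TLS-intercepting listener on all host interfaces, next to 3128, on a service that also mounts `CA_key.pem`. If this file is deployed as a swarm stack, as the `docker stack rm squid` step in the pipeline suggests, the port is presumably opened on every node through the ingress mesh. No `http_access` rule is visible in this commit, so confirm that squid.intercept.conf restricts clients to the intended networks or that a host firewall does. Quoting the mapping as `- "3129:3129"` follows the Compose recommendation to write port mappings as strings, and the same applies to the existing 3128 line. The service definition starts and ends outside the hunk.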
@@ -29,6 +29,7 @@ htcp_access deny all visible_hostname git.local-domain http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem options=NO_SSLv3 dhparams=/apps/dhparam.pem +https_port 3129 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem options=NO_SSLv3 dhparams=/apps/dhparam.pem always_direct allow all acl excluded_sites ssl::server_name .wellsfargo.com
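Review bot: The new `https_port 3129` line copies `options=NO_SSLv3` from the 3128 listener, which still leaves TLS 1.0 and 1.1 negotiable on a port that terminates client TLS and re-signs with the local CA; `options=NO_SSLv3,NO_TLSv1,NO_TLSv1_1` would close that, and the `http_port` line deserves the same change. The directive also uses `ssl-bump` without `intercept` or `tproxy`, a combination that some Squid releases reject on `https_port` at startup, so check it against the version in the image. The `ssl_bump` and `http_access` rules that decide who can use this listener and which sites are bumped lie outside the hunk.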