diff --git a/packaging/Dockerfile b/packaging/Dockerfile
index cf40e79..e97ef2d 100644
--- a/packaging/Dockerfile
+++ b/packaging/Dockerfile
@@ -6,6 +6,9 @@ FROM --platform=linux/${DOCKER_ARCH} alpine:latest
 #
 ARG http_proxy_hostname
 COPY ./squid/mitm-myself.sh /root
+# This step is just to force rerun of the mitm config when the key changes,
+# e.g. when the squid image is rebuilt.
+COPY ./squid/squid-ca.pem /tmp
 RUN /root/mitm-myself.sh ${http_proxy_hostname}
 
 ARG http_proxy
diff --git a/packaging/squid/.gitignore b/packaging/squid/.gitignore
new file mode 100644
index 0000000..8514d4a
--- /dev/null
+++ b/packaging/squid/.gitignore
@@ -0,0 +1 @@
+squid-ca.pem
diff --git a/packaging/squid/start.sh b/packaging/squid/start.sh
index 6e46bdd..15b0048 100755
--- a/packaging/squid/start.sh
+++ b/packaging/squid/start.sh
@@ -1,5 +1,7 @@
 #!/bin/sh
 docker buildx build -t synit-squid "$(dirname "$0")"
+docker run --rm --name fetch-squid-cert synit-squid cat /etc/ssl/certs/squid-ca.pem \
+       > squid-ca.pem
 docker run -it --rm \
        -p 3127:3127 \
        -p 3128:3128 \