How i can find what is the problematic CA?
On the cache.log i have hundreds of this (aroung 10 per second), but in the
access.log i have really few TCP_DENIED connections or in general other
errors that can indicate what's causing that problem.
Maybe i've spotted what was. Trendmicro Antivirus (cloud version). Was
generating a lot of TCP_MISS with status code 200. Added the domain
.trendmicro.com to the "not bumped" domains (with some microsoft domains
used for the update processes) and the cache file is sooooo much clean!