@techbee:
What I understood was, if I choose splice all, I dont need to install the CA cert to clients, am I right?
Yes, that's it.
@techbee:
On the other hand, I dont know how to push dns suffix using dhcp or maybe I get it the wrong way.
take a look or search for dns dhcp options. BTW, if you're going to configure squid splice all, it can be in transparent mode. this way, you do not need a wpad file. Mobile devices ignores wpad configuration too.