ProxHTTPSProxyMII: Reloaded
|
May. 13, 2018, 06:16 AM
(This post was last modified: May. 15, 2018 05:10 AM by ryszardzonk.)
Post: #220
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
(May. 12, 2018 04:28 PM)JJoe Wrote:What I have said has been right but only partially. The issues appeared the same in Chrome and in Edge, but not on Firefox on Windows 10. Everything was due to certificate installation which behave differently on those programs.(May. 12, 2018 05:40 AM)ryszardzonk Wrote: EDIT: Those security alerts come from Chrome on Windows which does its own security checks and is not satisfied with certificates issued by ProxHTTPSProxyMII. What I did is: I do have apache running I edited CA.crt file to remove private key from it and placed it on the local www site. Then when clicking in Firefox (both Windows and Linux) 192.168.1.1/CA.crt it properly installed for that browser. It went fine also for Chrome in Android. Chrome and Edge on Windows 10 however did not use internal browser repository, but used systems Certificate Installation creator. According to default settings used (Automatically select the certificate store based on the type of certificate) the creator had everything installed properly. I do not know if system deleted it, misplaced or did not used, but the result has been those security checks and certificate verification errors. To fix it I installed it not in the default store by clicking the certificate, but with this steps http://community.lightspeedsystems.com/d...indows-10/ ProxHTTPSProxyMII certificate authority all the sudden started working for both Edge and Chrome. EDIT: It turned out that my biggest problem running ProxHTTPSProxyMII was that my serwer and my client machine where running with unsynchronized clocks and my client's clock was behind servers by about 35 seconds. That have led to the number of logs showing every single time new website was reached for browsing Quote:[SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:2091)" while trying to establish local SSL tunnel for [younameit.com:443]and warnings about improper certificate for the website in the client's web browsers. Looking closely at one of the warnings I noticed that it was certificate that was created by ProxHTTPSProxyMII which few seconds later without me doing anything got accepted. Why? It was according to my client created certificate was from the future therefore not yet valid... |
|||
« Next Oldest | Next Newest »
|