The Un-Official Proxomitron Forum

Full Version: proxcert.pem expired?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
proxcert150101.zip files should be good to 2016.01.01
proxcert2025_01_25.zip files may be good till 2025.01.25 Cheers

proxcert150101 pem built by Sidki's "Roll-Your-Own-ProxCert" proxcert generator,
http://sidki.proxfilter.net/prox-ssl.html

Converted to proxcert.crt by Firefox.

Both zips contain
proxcert.pem for the Proxomitron and browsers that import pem files.
proxcert.crt for browsers that import crt files, like Internet Explorer 10.

Edit: Added proxcert2025_01_25.zip
Edit: Another year another file (106)(89)
Edit: Adding proxcert140101crt.zip for IE
Edit: Another year another file (105), dead link http://sidki.host22.com/prox-ssl.html.
Edit: Another year another file (97).
Edit: Another year another file (117).
Edit: Another year another file.

Have fun!
You can make your own proxcert file with makeproxcert.zip. I have been using it and it is easy to use.
Thanks, i'll update / request updating on the relevant sites this week-end.
(Sep. 17, 2009 03:59 PM)JJoe Wrote: [ -> ]Attached should be good through 100916

with this file, i get this error:
Code:
---- Certificate Errors ----
SSL Verify: [1:20769056] error number 20769056
SSL Verify: [1:20769056] error number 20769056
SSL Verify: [1:20769056] error number 20769056

---- Certificate Info ----/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/2.5.4.15=V1.0, Clause 5.(b)/serialNumber=2154254
C=US/postalCode=10043
ST=New York
L=New York/streetAddress=399 Park Avenue
O=Citigroup Inc.
OU=gtcbweb4-www
CN=www.citibank.com

Begins:    2009-06-16 00:00 GMT
Expires:    2011-06-16 23:59 GMT

when i visit this site: https://www.citibank.com/us/cards/index.jsp

i do NOT get the above error when using the "older" cert file (dated 9/23/08)...
I don't see how one site cert (e.g. Proxomitron's) could ever influence another site cert (e.g. www.citibank.com).

So i guess the problem you're seeing is caused by something else.
all i know is with the "older" cert, i do NOT get the error and with the "newer" on i DO (so i'm obviously sticking with the "older")...

not saying it makes sense, just saying that the cert is the ONLY variable being changed - i change file names to activate one versus the other while Proxo is closed, i open Proxo and go to that site, error with one, no error with the other...


not saying it makes sense, just reporting precisely what is happening Big Teeth
i don't recall "where" the 9/23/08 cert came from, to be honest, i just know that it "works" Smile!
(Oct. 07, 2009 12:06 PM)ProxRocks Wrote: [ -> ]when i visit this site: https://www.citibank.com/us/cards/index.jsp

i do NOT get the above error when using the "older" cert file (dated 9/23/08)...

Does this happen every time?
Are you using half-ssl?

The first time I loaded http://https..www.citibank.com/us/cards/index.jsp, I saw an error like this.
The error that I saw was from the Proxomitron complaining about the site's certificate.
The Proxomitron had been running for a while and had seen other HTTPS.
I have not seen it since on any machine, in any browser, with any proxcert.pem.
I have seen similar errors in the past with other proxcerts.

I don't think Proxo will do half-ssl without proxcert.pem but

http://www.proxomitron.info/45/docs/readme.txt Wrote:However it's only used for the
connection between Proxomitron and your web browser - the connection
between Proxomitron and the remote site relies on the site's certificate
not Proxomitron's.

So... I don't know.

Quote:i open Proxo and go to that site, error with one, no error with the other...

I believe there is another proxcert.pem at
http://www.proxomitron.info/files/index.html

Quote:i don't recall "where" the 9/23/08 cert came from

Try creating your own.
i'm about 80% sure that it IS one that i created (using Windows 2000, not XP, if i recall correctly, anything i "tried" to "roll" in XP kept flagging errors if memory serves)...

i only get the error the FIRST visit to that site...
but CLOSE proxo and re-open, the error returns for the FIRST visit even after other SSL sites were okay, it seems to be ONLY with that site out of close to FOUR DOZEN secure sites that i use...


what perhaps is more intriguing is that the "old" one is 'supposed to be' EXPIRED, but i'm NOT getting ANY error dialogs indicating that it is "expired" - so for all i know, i can stick with it for the next DECADE, lol...
(Oct. 07, 2009 07:26 PM)JJoe Wrote: [ -> ]I believe there is another proxcert.pem at
http://www.proxomitron.info/files/index.html

this one works with no errors popping up...
i'll run it for a few days and see if "all is well"...
(Oct. 07, 2009 07:36 PM)ProxRocks Wrote: [ -> ]what perhaps is more intriguing is that the "old" one is 'supposed to be' EXPIRED, but i'm NOT getting ANY error dialogs indicating that it is "expired" - so for all i know, i can stick with it for the next DECADE, lol...

May I/we have a copy?

The proxcert that I uploaded was created in win98se, fwiw.

Should also mention, another prox-list member added one to the list's files.
attached is my 9/23/08 proxcert.pem...
i'm pretty sure i rolled it myself, but honestly not 100% sure of that...
i recall doing "tons" of trial-and-error cert-stuff a year ago just for kicks-and-giggles...
and i recall that the OS i rolled from seemed to effect the outputted file...

my certs.pem (also attached) is dated 2/19/2007, perhaps that is also worth mentioning as Proxomitron.Info is hosting one dated 10/1/2006 (the datestamp within the .zip)...


before any of you-all updated your proxcert.pem, did you get any dialogs saying it was "expired" ???
i've NEVER seen any dialogs saying mine was expired, so i'm wondering if that is browser-specific (i'm using GreenBrowser shelling IE8)...
(Oct. 08, 2009 12:13 PM)ProxRocks Wrote: [ -> ]before any of you-all updated your proxcert.pem, did you get any dialogs saying it was "expired" ???
i've NEVER seen any dialogs saying mine was expired, so i'm wondering if that is browser-specific (i'm using GreenBrowser shelling IE8)...

Yep. Yours also generates the error for me.
Half-ssl should hide this error. The browser never sees the expired proxcert with half-ssl.

Don't have GreenBrowser.

Curious...

Edit for spelling
ah... i half-ssl "all" the time, so i guess that explains it...

what still ponders me is that while half-ssl'ing and swapping out different proxcert's, some certs give errors when visiting some ssl sites and some don't...

guess i'd rather have an OUTDATED on coupled with half-ssl and NOT get these errors...


sounds to me that with half-ssl, we don't "care" if the cert is expired or not, so that's good news to me, that tells me i can still be using proxo another decade from now...
(Oct. 08, 2009 05:55 PM)ProxRocks Wrote: [ -> ]what still ponders me is that while half-ssl'ing and swapping out different proxcert's, some certs give errors when visiting some ssl sites and some don't...

That makes 3 of us. Wink

(Oct. 08, 2009 05:55 PM)ProxRocks Wrote: [ -> ]sounds to me that with half-ssl, we don't "care" if the cert is expired or not, so that's good news to me, that tells me i can still be using proxo another decade from now...

I will be a little surprised, if the current https scheme lasts that long.
(Oct. 08, 2009 06:30 PM)JJoe Wrote: [ -> ]I will be a little surprised, if the current https scheme lasts that long.

that's what worries me...
in that there is absolutely no replacement for Proxo...

the on-the-fly html-rewrite ability is a can't-live-without...
i'll go back to ARPNET before surfing without Proxo !!!
Pages: 1 2
Reference URL's