The Un-Official Proxomitron Forum

Full Version: invalid security certificate
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
got a new message in firefox on a corporate work system with proxo and sidki's latest config file set

am apparently unable to update adblock ?

message popup:

easylist-downloads.adblockplus.org:443 uses an invalid security certificate

only valid for proxomitron
expired on 5/8/2004
I don't know Adblock.
I'll guess that something in Firefox is requesting https://easylist-downloads.adblockplus.org/easylist.txt and the expired or unexpected Proxomitron certificate is the problem.
Try adding
easylist-downloads.adblockplus.org:
to "Bypass List.txt"
Consider updating the Proxomitron's certificate, proxcert.zip at http://proxomitron.info/files/index.html .
http://prxbx.com/forums/showthread.php?tid=1713

HTH
i've personally been unable to figure out why my browser whines about SSL certificates on one day and not the next...

or why Proxo "seems to" always whine about SSL certs only on a first-access to My Yahoo during a Proxo "session"...

the dang SSL whinings are so inconsistent that i wrote an AutoIt script that constantly runs in the systray and clicks the allow/ignore button on the cert whinings "for me"...

truth be told, i wish there was a registry setting in Win XP to *NOT* do the STUPID ssl-check CRAP! yes, i realize that the "cert check" is for our "security", but i don't give a crap about 'em... the stupid things are nothing but a kid crying wolf "constantly"... by the time a "real" wolf comes along, NOBODY IS LISTENING ANYMORE...

so are the "cert checks" *really* making us more "secure"?
or are they so CONSTANTLY in our face that we IGNORE them *all* anyway?
(Jun. 21, 2011 11:35 PM)ProxRocks Wrote: [ -> ]i've personally been unable to figure out why my browser whines about SSL certificates on one day and not the next...
caused by mischievous aliens, usually. Smile!
(Jun. 21, 2011 11:35 PM)ProxRocks Wrote: [ -> ]or why Proxo "seems to" always whine about SSL certs only on a first-access to My Yahoo during a Proxo "session"...
i think because yahoo uses ssl only at login. (if you look as Proxomitron's log window or http://local.ptron/.pinfo/urls/, you should see some of yahoo's many domains.)

I've noticed that the browser "sees" some https domains, but rejects them instead of offering the warning. I've noticed this when stylesheets seem to not be loaded on a https web page.
I wonder if this is related to Proxomitron as software filtering only certain file types (mime). As example, if images load from https domains, Proxomitron>browser setup has no way to alert user. I'm just guessing at this.

(Jun. 21, 2011 11:35 PM)ProxRocks Wrote: [ -> ]the dang SSL whinings are so inconsistent that i wrote an AutoIt script that constantly runs in the systray and clicks the allow/ignore button on the cert whinings "for me"...

truth be told, i wish there was a registry setting in Win XP to *NOT* do the STUPID ssl-check CRAP! yes, i realize that the "cert check" is for our "security", but i don't give a crap about 'em... the stupid things are nothing but a kid crying wolf "constantly"... by the time a "real" wolf comes along, NOBODY IS LISTENING ANYMORE...

so are the "cert checks" *really* making us more "secure"?
or are they so CONSTANTLY in our face that we IGNORE them *all* anyway?
afaik (big "as far as i know"), cert tells a browser that the server uses certain encryption(but doesn't browser independently know this, via browser's de/en-crypting code?)
the other benefit is site "trusted reputation" by certificate authorities. but this has been subject to 'social engineering', i think (search for certificate fraud)
Recently I've been seeing "expired" warnings.
I also noticed that the 'expired' certificate alert comes up only infrequently. this is another mystery.

i don't recall where i got this expired proxcert.pem, but I guess sidki download?

so, i used sidkis make-cert batch.
i left most defaults of the openssl options (they're preset in sidki's cnf file).
the only option i wondered about was state name and country name. I think US is "safest" choice for anonymity, and I think choosing high population state would be best. otoh, maybe this doesn't matter, if nobody sees this info except the Proxomitron user.
Reference URL's