Instructions and some of the files used to create current certs.pem for The Proxomitron. The binaries were compiled from the GPL'ed OpenSSL sources by sidki, see http://www.openssl.org/ and http://sidki.proxfilter.net/prox.html . Have fun, JJoe Assuming a windows operating system with current complete Microsoft issued certificate list: * Under the control panel go to... Internet Options->Content->Certificates * Go to the "Trusted Root Certification Authorities" tab * Select "Advanced" * Check *only* "Server Authentication" * "Export Format" should be PCKS #7 * exit back to certificates tab * Pick from the drop-down selector at the top of the "Certificate manager" tab * Select all the certificates left in the tab's listbox and click "Export" However, those issued to "Microsoft Root Certificate Authority" will need to be removed later, if extracted. * Follow through and save the certs to "certs.p7b" * Add "certs.p7b" to the "make-certspem" folder. * Run "make-certspem.bat". There should now be a "certs.pem" file in the "make-certspem" folder. * Use an editor to remove the certificates issued to "Microsoft Root Certificate Authority" from "certs.pem", if necessary. * Rename the old "certs.pem" in the Proxomitron's folder. * Add the new "certs.pem" to the Proxomitron's folder. * You should be done. ________________________________________________________________________________ Even more... If no bat file, try the following at the command prompt. openssl pkcs7 -inform DER -outform PEM -in certs.p7b -out certs.pem -print_certs Remove certs issued by Microsoft Root Certificate Authority like: subject=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2011 issuer=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2011 subject=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2010 issuer=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Root Certificate Authority 2010 subject=/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority issuer=/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority Keep or add: subject=/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority issuer=/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority -----BEGIN CERTIFICATE----- MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAx KzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAc BgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0 IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFow cDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEe MBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3Nv ZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR5 7qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbB RucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55Er GOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgko IQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJc PMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw 72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBN aWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEh MB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs 30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4F kYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+ Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH /YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdS VLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQc BOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA= -----END CERTIFICATE----- ________________________________________________________________________________ Scott R Lemmons words follow for proper attribution and respect: [quote from http://www.proxomitron.info/45/docs/readme.txt ] By default a list of some of the more common authorities is included (VeriSign, Thawte, and the like). A more complete file can be extracted from the database IE uses. It's possible to use OpenSSL to convert these into the PEM format used by OpenSSL. First extract the ones to convert... * Under the control panel go to... Internet Options->Content->Certificates * Go to the "Trusted Root Certification Authorities" tab * Select "Advanced" * Check *only* "Server Authentication" * "Export Format" should be PCKS #7 * exit back to certificates tab * Pick from the drop-down selector at the top of the "Certificate manager" tab * Select all the certificates left in the tab's listbox and click "Export" * Follow through and select a file to save the certs under Now convert to PEM... * Next run OpenSSL with the following command line and cross your fingers... openssl pkcs7 -inform DER -outform PEM -in ie-export-filename.p7b -out certs.pem -print_certs (note that's all one line - ignore the line breaks) You should now have an OpenSSL compatible format of IE's cert list! Keep in mind certificates are just used to help insure your actually connecting to the site you think you are and not some "spoofed" site. Whether they actually do this or not is debatable. Many sites (especially smaller ones) may not be using properly "signed" certificates, but this doesn't mean your connection is not as encrypted. Really all it means is they didn't cough up some money for VeriSign's official stamp of approval. Likewise, a valid certificate is no guarantee a site won't rip you off - you must still be careful before trusting a site with sensitive data. Still, that being said, it's always safer to connect in pass-thru mode (see below) in cases where security is critical. [/quote]