The Un-Official Proxomitron Forum
ProxoReborn SSL certificate verification error - Printable Version




ProxoReborn SSL certificate verification error - referrer - Jun. 09, 2020 10:14 AM

Hey guys, I keep getting a proxoR SSL certificate verification error when I visit
https://forum.palemoon.org/
or
https://www.solidot.org/

The pop-up window shows
Code:
---- Certificate Errors ----
SSL Verify: [3:10] certificate has expired
SSL Verify: [2:10] certificate has expired

---- Certificate Info ----
CN=*.palemoon.org

Begins:    2020-02-24 00:00 GMT
Expires:    2021-12-01 23:59 GMT

These started about two weeks ago I guess.
Is this a bug or something else, and how can I fix this?


RE: ProxoReborn SSL certificate verification error - amy - Jun. 09, 2020 01:39 PM

The root cert has probably expired, you can get a newer set here: https://curl.haxx.se/docs/caextract.html

Rename to certs.pem and put in same directory as proxo.exe.


RE: ProxoReborn SSL certificate verification error - referrer - Jun. 09, 2020 04:08 PM

Using the latest version of certs.pem (Wed Jan 1 04:12:10 2020 GMT) but nothing has changed.
Still get the "certificate has expired" error.


RE: ProxoReborn SSL certificate verification error - JJoe - Jun. 09, 2020 07:06 PM

I see it.

The error is displayed for certs that use "SCT List".

The error dialog shows unexpected characters where I think the SCT list values should be.

There are 'expired' dates in SCT List. Could the routine be confused by them...


RE: ProxoReborn SSL certificate verification error - amy - Jun. 10, 2020 01:39 AM

Server is sending expired root...

https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration

Workaround for client is to remove the "AddTrust External CA Root" from the list of trusted roots, i.e. open certs.pem, search for "AddTrust External Root" and delete it, then save and restart proxo.

Then sites which send other valid cert chains will work, and those which used only the expired root will still show the warning (no change from before.)
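
The workaround in the post above, as an added example that is not part of the original thread: a stdlib-only Python sketch that lists the roots in a certs.pem and drops the entry labelled "AddTrust External Root". It assumes the bundle uses the layout of curl's caextract file (a label line, an "=" underline, then the PEM block); the sample bundle and its base64 bodies are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in the caextract layout: "##" comment header, then for
# each root a label line, an "=" underline and a PEM block. The base64 bodies
# are placeholders, not real certificates.
SAMPLE_BUNDLE = """\
##
## Bundle of CA Root Certificates (constructed sample)
##

Example Root A
==============
-----BEGIN CERTIFICATE-----
QUFBQQ==
-----END CERTIFICATE-----

AddTrust External Root
======================
-----BEGIN CERTIFICATE-----
QkJCQg==
-----END CERTIFICATE-----

Example Root B
==============
-----BEGIN CERTIFICATE-----
Q0NDQw==
-----END CERTIFICATE-----
"""

# One bundle entry: label, underline, PEM block and the blank lines after it.
ENTRY = re.compile(
    r"^(?P<label>[^\n]+)\n=+\n"
    r"-----BEGIN CERTIFICATE-----\n.*?-----END CERTIFICATE-----\n+",
    re.MULTILINE | re.DOTALL,
)

def list_labels(bundle):
    """Return the label of every root in the bundle, in file order."""
    return [m.group("label").strip() for m in ENTRY.finditer(bundle)]

def remove_root(bundle, label):
    """Return (new_bundle, removed_count) with every entry of that exact label cut out."""
    hits = [m for m in ENTRY.finditer(bundle) if m.group("label").strip() == label]
    for m in reversed(hits):  # cut from the end so earlier offsets stay valid
        bundle = bundle[:m.start()] + bundle[m.end():]
    return bundle, len(hits)

if __name__ == "__main__":
    trimmed, count = remove_root(SAMPLE_BUNDLE, "AddTrust External Root")
    print(f"removed {count}; remaining roots: {list_labels(trimmed)}")
```

A removed count of 0 means the label is not in the bundle and the file is returned unchanged; work on a copy of certs.pem and restart the proxy after replacing it.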


RE: ProxoReborn SSL certificate verification error - JJoe - Jun. 10, 2020 02:04 AM

That did it.

Thanks again.

(Jun. 10, 2020 01:39 AM)amy Wrote:  Workaround for client is to remove the "AddTrust External CA Root" from the list of trusted roots, i.e. open certs.pem, search for "AddTrust External Root" and delete it, then save and restart proxo.



RE: ProxoReborn SSL certificate verification error - referrer - Jun. 10, 2020 03:05 AM

Problem solved.
Thank you both.