Post Reply 
ProxoReborn SSL certificate verification error
Jun. 09, 2020, 10:14 AM (This post was last modified: Jun. 09, 2020 10:17 AM by referrer.)
Post: #1
ProxoReborn SSL certificate verification error
Hey guys, I keep getting a proxoR ssl certficate verification error when visit
https://forum.palemoon.org/
or
https://www.solidot.org/

The pop window shows
Code:
---- Certificate Errors ----
SSL Verify: [3:10] certificate has expired
SSL Verify: [2:10] certificate has expired

---- Certificate Info ----
CN=*.palemoon.org

Begins:    2020-02-24 00:00 GMT
Expires:    2021-12-01 23:59 GMT

These started about two week ago I guess.
Is this a bug or something else and how can I fix this.
Add Thank You Quote this message in a reply
Jun. 09, 2020, 01:39 PM
Post: #2
RE: ProxoReborn SSL certificate verification error
The root cert has probably expired, you can get a newer set here: https://curl.haxx.se/docs/caextract.html

Rename to certs.pem and put in same directory as proxo.exe.
Add Thank You Quote this message in a reply
Jun. 09, 2020, 04:08 PM
Post: #3
RE: ProxoReborn SSL certificate verification error
Using the lastest version of certs.pem(Wed Jan 1 04:12:10 2020 GMT) but nothing has changed.
Still get the "certificate has expired" error.
Add Thank You Quote this message in a reply
Jun. 09, 2020, 07:06 PM (This post was last modified: Jun. 09, 2020 07:12 PM by JJoe.)
Post: #4
RE: ProxoReborn SSL certificate verification error
I see it.

The error is displayed for certs that use "SCT List".

The error dialog shows unexpected characters where I think the SCT list values should be.

.jpg  CertErrorSCTList.jpg (Size: 31.6 KB / Downloads: 39)

There are 'expired' dates in SCT List. Could the routine be confused by them...
Add Thank You Quote this message in a reply
[-] The following 2 users say Thank You to JJoe for this post:
referrer, defconnect
Jun. 10, 2020, 01:39 AM
Post: #5
RE: ProxoReborn SSL certificate verification error
Server is sending expired root...

https://www.agwa.name/blog/post/fixing_t...expiration

Workaround for client is to remove the "AddTrust External CA Root" from the list of trusted roots, i.e. open certs.pem, search for "AddTrust External Root" and delete it, then save and restart proxo.

Then sites which send other valid cert chains will work, and those which used only the expired root will still show the warning (no change from before.)
Add Thank You Quote this message in a reply
[-] The following 2 users say Thank You to amy for this post:
referrer, defconnect
Jun. 10, 2020, 02:04 AM
Post: #6
RE: ProxoReborn SSL certificate verification error
That did it.

Thanks again. Smile!

(Jun. 10, 2020 01:39 AM)amy Wrote:  Workaround for client is to remove the "AddTrust External CA Root" from the list of trusted roots, i.e. open certs.pem, search for "AddTrust External Root" and delete it, then save and restart proxo.
Add Thank You Quote this message in a reply
Jun. 10, 2020, 03:05 AM
Post: #7
RE: ProxoReborn SSL certificate verification error
Problem solved.
Thank you both.Smile!
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: