browsermob-proxy
browsermob-proxy copied to clipboard
lightbody
The certificate has expired. How can I obtain a new one?
I have the same problem. I am using the python version of browsermob proxy. Apparently in the python version there is no way to set up new ssl certificates.
I've found out how to generate certificates. https://github.com/lightbody/browsermob-proxy/tree/master/mitm
I've found out how to generate certificates. https://github.com/lightbody/browsermob-proxy/tree/master/mitm
Is it possible to share exact steps not sure if I am doing correct when I followed above link.
Can you share the steps, how to generate new certificate (ca-certificate-ec.cer) or anyone generated new certificate. Can you share to me?
Hi @workcheng , Shared Certificate is not working. When i set the proxy. Getting Server Error. This certificate worked fine for last 3 years without any issues. Suddenly its not working. getting expired issue. https://github.com/lightbody/browsermob-proxy/blob/master/browsermob-core/src/main/resources/sslSupport/ca-certificate-ec.cer
Yes shared certificate not working:
`curl --cacert ca-certificate-ec.cer --verbose --proxy localhost:8081 https://www.google.com/
* Host localhost:8081 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
* Trying [::1]:8081...
* Connected to localhost (::1) port 8081
* CONNECT tunnel: HTTP/1.1 negotiated
* allocate connect buffer
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/8.7.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
< Connection: keep-alive
< Via: 1.1 browsermobproxy
<
* CONNECT phase completed
* CONNECT tunnel established, response 200
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* CAfile: ca-certificate-ec.cer
* CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.`
Hi @workcheng , Shared Certificate is not working. When i set the proxy. Getting Server Error. This certificate worked fine for last 3 years without any issues. Suddenly its not working. getting expired issue. https://github.com/lightbody/browsermob-proxy/blob/master/browsermob-core/src/main/resources/sslSupport/ca-certificate-ec.cer
The certificate has expired. You should generate paired certificates in this way, update the program, and then install the newly generated certificate.cer into the browser: https://github.com/lightbody/browsermob-proxy/tree/master/mitm#generating-and-saving-root-certificates
Yes shared certificate not working:
`curl --cacert ca-certificate-ec.cer --verbose --proxy localhost:8081 https://www.google.com/ * Host localhost:8081 was resolved. * IPv6: ::1 * IPv4: 127.0.0.1 * Trying [::1]:8081... * Connected to localhost (::1) port 8081 * CONNECT tunnel: HTTP/1.1 negotiated * allocate connect buffer * Establish HTTP proxy tunnel to www.google.com:443 > CONNECT www.google.com:443 HTTP/1.1 > Host: www.google.com:443 > User-Agent: curl/8.7.1 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established < Connection: keep-alive < Via: 1.1 browsermobproxy < * CONNECT phase completed * CONNECT tunnel established, response 200 * ALPN: curl offers h2,http/1.1 * (304) (OUT), TLS handshake, Client hello (1): * CAfile: ca-certificate-ec.cer * CApath: none * (304) (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: unable to get local issuer certificate * Closing connection * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, unknown CA (560): curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.`
The certificate has expired. You should generate paired certificates in this way, update the program, and then install the newly generated certificate.cer into the browser: https://github.com/lightbody/browsermob-proxy/tree/master/mitm#generating-and-saving-root-certificates
Hi @workcheng , I'm not using this code in my project. I'm using only this certificate in my project using below steps.
- Download ca-certificate-ec.cer in my iOS mobile.
- Install certificate in General -> VPN Device management -> Install it
- Trust certificate
- Start Browsermob proxy in my code and test my app.
- All events are captured and saved in har file.
I need this certificate only. Could you please help on the steps how to generate this certificate. what command is used for generating the this certificate. Do we need to download this code. @workcheng Do you have code with you for generating new certificate. Can you share with me.
Hi @workcheng , I'm not using this code in my project. I'm using only this certificate in my project using below steps.
- Download ca-certificate-ec.cer in my iOS mobile.
- Install certificate in General -> VPN Device management -> Install it
- Trust certificate
- Start Browsermob proxy in my code and test my app.
- All events are captured and saved in har file.
I need this certificate only. Could you please help on the steps how to generate this certificate. what command is used for generating the this certificate. Do we need to download this code. @workcheng Do you have code with you for generating new certificate. Can you share with me.
try this: tmp.zip Replace the files with the same names under the ssl-support file.
Hi @workcheng , I'm not using this code in my project. I'm using only this certificate in my project using below steps.
- Download ca-certificate-ec.cer in my iOS mobile.
- Install certificate in General -> VPN Device management -> Install it
- Trust certificate
- Start Browsermob proxy in my code and test my app.
- All events are captured and saved in har file.
I need this certificate only. Could you please help on the steps how to generate this certificate. what command is used for generating the this certificate. Do we need to download this code. @workcheng Do you have code with you for generating new certificate. Can you share with me.
try this: tmp.zip Replace the files with the same names under the ssl-support file.
try this: ssl-support.zip
Hi @workcheng , I'm not using this code in my project. I'm using only this certificate in my project using below steps.
- Download ca-certificate-ec.cer in my iOS mobile.
- Install certificate in General -> VPN Device management -> Install it
- Trust certificate
- Start Browsermob proxy in my code and test my app.
- All events are captured and saved in har file.
I need this certificate only. Could you please help on the steps how to generate this certificate. what command is used for generating the this certificate. Do we need to download this code. @workcheng Do you have code with you for generating new certificate. Can you share with me.
try this: tmp.zip Replace the files with the same names under the ssl-support file.
try this: ssl-support.zip
$ curl --cacert ./ca-certificate-rsa.cer --verbose --proxy 127.0.0.1:8080 https://cn.bing.com
* Trying 127.0.0.1:8080...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to cn.bing.com:443
> CONNECT cn.bing.com:443 HTTP/1.1
> Host: cn.bing.com:443
> User-Agent: curl/7.78.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 404 Not Found
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Type: text/html;charset=ISO-8859-1
< Content-Length: 1281
< Server: Jetty(7.x.y-SNAPSHOT)
<
* Received HTTP code 404 from proxy after CONNECT
* CONNECT phase completed!
* Closing connection 0
curl: (56) Received HTTP code 404 from proxy after CONNECT
Hi @workcheng , I'm not using this code in my project. I'm using only this certificate in my project using below steps.
- Download ca-certificate-ec.cer in my iOS mobile.
- Install certificate in General -> VPN Device management -> Install it
- Trust certificate
- Start Browsermob proxy in my code and test my app.
- All events are captured and saved in har file.
I need this certificate only. Could you please help on the steps how to generate this certificate. what command is used for generating the this certificate. Do we need to download this code. @workcheng Do you have code with you for generating new certificate. Can you share with me.
try this: tmp.zip Replace the files with the same names under the ssl-support file.
try this: ssl-support.zip
$ curl --cacert ./ca-certificate-rsa.cer --verbose --proxy 127.0.0.1:8080 https://cn.bing.com * Trying 127.0.0.1:8080... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0) * allocate connect buffer! * Establish HTTP proxy tunnel to cn.bing.com:443 > CONNECT cn.bing.com:443 HTTP/1.1 > Host: cn.bing.com:443 > User-Agent: curl/7.78.0 > Proxy-Connection: Keep-Alive > < HTTP/1.1 404 Not Found < Cache-Control: must-revalidate,no-cache,no-store < Content-Type: text/html;charset=ISO-8859-1 < Content-Length: 1281 < Server: Jetty(7.x.y-SNAPSHOT) < * Received HTTP code 404 from proxy after CONNECT * CONNECT phase completed! * Closing connection 0 curl: (56) Received HTTP code 404 from proxy after CONNECT
Hi @workcheng , I'm not using this code in my project. I'm using only this certificate in my project using below steps.
- Download ca-certificate-ec.cer in my iOS mobile.
- Install certificate in General -> VPN Device management -> Install it
- Trust certificate
- Start Browsermob proxy in my code and test my app.
- All events are captured and saved in har file.
I need this certificate only. Could you please help on the steps how to generate this certificate. what command is used for generating the this certificate. Do we need to download this code. @workcheng Do you have code with you for generating new certificate. Can you share with me.
try this: tmp.zip Replace the files with the same names under the ssl-support file.
try this: ssl-support.zip
Hi @workcheng Can you give ca-certificate-ec.cer, ca-keystore-ec.p12 this file too?
Hi @workcheng , I'm not using this code in my project. I'm using only this certificate in my project using below steps.
- Download ca-certificate-ec.cer in my iOS mobile.
- Install certificate in General -> VPN Device management -> Install it
- Trust certificate
- Start Browsermob proxy in my code and test my app.
- All events are captured and saved in har file.
I need this certificate only. Could you please help on the steps how to generate this certificate. what command is used for generating the this certificate. Do we need to download this code. @workcheng Do you have code with you for generating new certificate. Can you share with me.
try this: tmp.zip Replace the files with the same names under the ssl-support file.
try this: ssl-support.zip
$ curl --cacert ./ca-certificate-rsa.cer --verbose --proxy 127.0.0.1:8080 https://cn.bing.com * Trying 127.0.0.1:8080... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0) * allocate connect buffer! * Establish HTTP proxy tunnel to cn.bing.com:443 > CONNECT cn.bing.com:443 HTTP/1.1 > Host: cn.bing.com:443 > User-Agent: curl/7.78.0 > Proxy-Connection: Keep-Alive > < HTTP/1.1 404 Not Found < Cache-Control: must-revalidate,no-cache,no-store < Content-Type: text/html;charset=ISO-8859-1 < Content-Length: 1281 < Server: Jetty(7.x.y-SNAPSHOT) < * Received HTTP code 404 from proxy after CONNECT * CONNECT phase completed! * Closing connection 0 curl: (56) Received HTTP code 404 from proxy after CONNECTHi @workcheng , I'm not using this code in my project. I'm using only this certificate in my project using below steps.
- Download ca-certificate-ec.cer in my iOS mobile.
- Install certificate in General -> VPN Device management -> Install it
- Trust certificate
- Start Browsermob proxy in my code and test my app.
- All events are captured and saved in har file.
I need this certificate only. Could you please help on the steps how to generate this certificate. what command is used for generating the this certificate. Do we need to download this code. @workcheng Do you have code with you for generating new certificate. Can you share with me.
try this: tmp.zip Replace the files with the same names under the ssl-support file.
try this: ssl-support.zip
Hi @workcheng Can you give ca-certificate-ec.cer, ca-keystore-ec.p12 this file too?
ok: ssl-support.zip
Its not working @workcheng. Getting not verified error
What was the prompt when the original certificate was installed? This is a self-signed certificate. Isn't it normal that it didn't pass the verification?
@workcheng Shared ca-certificate-ec.cer has RSA encryption instead of Elliptic Curve Public Key.
Original
Shared one
@workcheng Shared ca-certificate-ec.cer has RSA encryption instead of Elliptic Curve Public Key. Original
Shared one
I use this for my own project on the PC side. As long as I load the new .p12 certificate when starting and the browser trusts the cer certificate, I can pass the proxy. My current program is running normally. But I don't know how to solve your problem.
@workcheng Shared ca-certificate-ec.cer has RSA encryption instead of Elliptic Curve Public Key. Original
I use this for my own project on the PC side. As long as I load the new .p12 certificate when starting and the browser trusts the cer certificate, I can pass the proxy. My current program is running normally. But I don't know how to solve your problem.
I generated this certificate using the certificate generated by my tool. I guess that if I want this to pass the verification, I need to generate this certificate using a certificate that is trusted by the root certificate.
@workcheng Is it possible to generate the certificate with root certificate?
browsermob-proxy-2.1.5-bin.zip build with updated certs
@artsab This file is not there ca-certificate-ec.cer. Could you please generate this certificate and share here. I tried other certificated, its not working.
Yes, sorry. certs.zip sudo mkdir /sslSupport unzip certs.zip sudo mv certificate.cer /sslSupport sudo mv private-key.pem /sslSupport
Cert and key path hardcoded
@artsab Not working. Could you please generate this file and share it to me ca-certificate-ec.cer. You have shared RSA encryption, I required ECC. If possible generate and share this certificate ca-certificate-ec.cer