browsermob-proxy

Certificate is expired.

Open lucashimpens opened this issue 11 months ago • 18 comments

Hello,

We are using the browsermob proxy and the certificate provided has been expired since yesterday: https://github.com/lightbody/browsermob-proxy/blob/master/browsermob-core/src/main/resources/sslSupport/ca-certificate-rsa.cer

Can we have a new certificate?

Thank you!

lucashimpens avatar Jan 03 '25 11:01 lucashimpens

This maven dependency uses this certificate internally which has been causing failure in page loads due to expiry. How should that be handled?

niha55 avatar Jan 04 '25 13:01 niha55

> This maven dependency uses this certificate internally which has been causing failure in page loads due to expiry. How should that be handled?

Look at this: https://github.com/lightbody/browsermob-proxy/issues/917

workcheng avatar Jan 06 '25 15:01 workcheng

The certificate is embedded within the dependency. Is there a way to overwrite it? The outdated one in it is causing failure despite using a new certificate externally.

niha55 avatar Jan 06 '25 15:01 niha55

> The certificate is embedded within the dependency. Is there a way to overwrite it? The outdated one in it is causing failure despite using a new certificate externally.

Look at this: https://github.com/lightbody/browsermob-proxy/tree/master/mitm. You can modify the code and generate a long-term certificate.

workcheng avatar Jan 06 '25 15:01 workcheng

Yes, this does generate the certificate, but every time I use the proxy there seems to be an issue with launching the website. I get a “connection not private” error, and under details it's due to the expired certificate in BrowserMob.

niha55 avatar Jan 06 '25 15:01 niha55

@jekh @xnx3 could you please help with this: generating a new certificate and updating it in the branch https://github.com/lightbody/browsermob-proxy/blob/master/browsermob-core/src/main/resources/sslSupport/ca-certificate-ec.cer

praveenthumbur avatar Jan 06 '25 16:01 praveenthumbur

> @jekh @xnx3 could you please help with this: generating a new certificate and updating it in the branch https://github.com/lightbody/browsermob-proxy/blob/master/browsermob-core/src/main/resources/sslSupport/ca-certificate-ec.cer

How can I assist? I don't have the overall management authority over this warehouse.

xnx3 avatar Jan 07 '25 02:01 xnx3

We would like help with creation of a new certificate and replacing it with the expired one in the repository under sslsupport folder

niha55 avatar Jan 07 '25 06:01 niha55

> We would like help with creation of a new certificate and replacing it with the expired one in the repository under sslsupport folder

The certificate has expired. You should generate paired certificates in this way, update the program, and then install the newly generated certificate.cer into the browser: https://github.com/lightbody/browsermob-proxy/tree/master/mitm#generating-and-saving-root-certificates

workcheng avatar Jan 07 '25 08:01 workcheng

That doesn't seem to work. @jekh could you please renew the certificate in this utility?

niha55 avatar Jan 09 '25 12:01 niha55

The expired certificate in the utility is causing a blocker in using the dependency, as there is no way to overwrite it using a script.

niha55 avatar Jan 09 '25 12:01 niha55

Has anybody found any workaround for this issue?

niha55 avatar Jan 09 '25 12:01 niha55

browsermob-proxy-2.1.5-bin.zip build with updated certs.

artsab avatar Jan 11 '25 12:01 artsab

Hi, has anyone generated a certificate (ca-certificate-ec.cer) that worked for them? Can you share it?

praveenthumbur avatar Jan 14 '25 17:01 praveenthumbur

Python user here.

  1. The certificate page assumes a java environment, and it's not clear that the things that it calls for doing have parallels in the python environment.

  2. Thanks to @artsab for upversioning with new certificates. I tried the one from the other Issue thread. However, there is an embedded certificate somewhere in the code. When run from the python adapter, the proxy continues to use the old certificate even though new ones are in the ssl-support directory. I've also tried putting new certificate sets into the 2.1.4 environment, but mitm stubbornly insists on ignoring them and using the old ones.

Puzzling and frustrating.

edschindler avatar Jan 20 '25 00:01 edschindler

ca-certificate-ec.cer

Generating only the ca-certificate-ec.cer is not sufficient. It needs to be compatible with the certificate of the proxy server side.

workcheng avatar Jan 20 '25 03:01 workcheng

Looking in more depth at the informal 2.1.5 version that @artsab so kindly provided, I see that the new certs are indeed embedded in the jar file.

However, when I try to use it in the python environment, attempts to access ssl sites hang. Here's what I'm doing:

  1. In a terminal, run a python script that activates browsermob-proxy, reports its port, and waits to be told to quit.

  2. I activate Firefox and do two things: import the certificate(s) from 2.1.5's ssl-support directory, and configure manual proxy on localhost and port as reported by the proxy. (I import both of the .cer files since I'm not sure which one is needed by default.)

  3. Navigating to a non-ssl site works fine. Navigating to an ssl site times out. The log file shows " Unable to read PEM-encoded data from file: certificate.cer"

Not sure what I'm doing wrong, if anything. The exact same steps using 2.1.4 results in the expired certificate failure, as expected.

(As noted previously, the python interface does not provide the same control over certificate generation and use as the java system does, so we are stuck with the defaults and can't override them. All that detail on the mitm readme is not useful.)

This is my simple python that activates browsermob-proxy:

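```python
from browsermobproxy import Server
import time

# Start the BrowserMob Proxy server from the unpacked 2.1.5 distribution
server = Server(path="./browsermob-proxy-2.1.5/bin/browsermob-proxy")
server.start()
time.sleep(1)
# Create a proxy instance; its port is what the browser is pointed at
proxy = server.create_proxy()
time.sleep(1)

# Block until the user presses Enter, then shut down
cmd = input('Proxy running on port {}. "Enter" to close... '.format(proxy.port))

proxy.close()
server.stop()
```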

This is the contents of bmp.log upon activation and navigation to an ssl site:

[INFO  2025-01-20T07:49:03,612 net.lightbody.bmp.proxy.Main] (main) Starting BrowserMob Proxy version 2.1.5 
[INFO  2025-01-20T07:49:03,646 org.eclipse.jetty.util.log] (main) jetty-7.x.y-SNAPSHOT 
[INFO  2025-01-20T07:49:03,689 org.eclipse.jetty.util.log] (main) started o.e.j.s.ServletContextHandler{/,null} 
[INFO  2025-01-20T07:49:03,865 org.eclipse.jetty.util.log] (main) Started [email protected]:8080 
[INFO  2025-01-20T07:49:05,760 net.lightbody.bmp.BrowserMobProxyServer] (qtp1251897263-21) mitmManager inititalization ... 
[INFO  2025-01-20T07:49:05,928 org.littleshoot.proxy.impl.DefaultHttpProxyServer] (qtp1251897263-21) Starting proxy at address: 0.0.0.0/0.0.0.0:8081 
[INFO  2025-01-20T07:49:05,956 org.littleshoot.proxy.impl.DefaultHttpProxyServer] (qtp1251897263-21) Proxy listening with TCP transport 
[INFO  2025-01-20T07:49:06,025 org.littleshoot.proxy.impl.DefaultHttpProxyServer] (qtp1251897263-21) Proxy started at address: /0:0:0:0:0:0:0:0:8081 
[WARN  2025-01-20T07:49:12,704 io.netty.util.concurrent.DefaultPromise] (LittleProxy-0-ClientToProxyWorker-0) An exception was thrown by org.littleshoot.proxy.impl.ConnectionFlow$2.operationComplete() net.lightbody.bmp.mitm.exception.MitmException: Error creating SSLEngine for connection to client to impersonate upstream host: www.google.com
	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.clientSslEngineFor(ImpersonatingMitmManager.java:227) ~[browsermob-dist-2.1.5.jar:?]
	at org.littleshoot.proxy.impl.ProxyToServerConnection$3.execute(ProxyToServerConnection.java:724) ~[browsermob-dist-2.1.5.jar:?]
	at org.littleshoot.proxy.impl.ConnectionFlow.doProcessCurrentStep(ConnectionFlow.java:140) ~[browsermob-dist-2.1.5.jar:?]
	at org.littleshoot.proxy.impl.ConnectionFlow.processCurrentStep(ConnectionFlow.java:128) ~[browsermob-dist-2.1.5.jar:?]
	at org.littleshoot.proxy.impl.ConnectionFlow.advance(ConnectionFlow.java:90) ~[browsermob-dist-2.1.5.jar:?]
	at org.littleshoot.proxy.impl.ConnectionFlowStep.onSuccess(ConnectionFlowStep.java:83) ~[browsermob-dist-2.1.5.jar:?]
	at org.littleshoot.proxy.impl.ConnectionFlow$2.operationComplete(ConnectionFlow.java:149) ~[browsermob-dist-2.1.5.jar:?]
	at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:507) ~[browsermob-dist-2.1.5.jar:?]
	at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:481) ~[browsermob-dist-2.1.5.jar:?]
	at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:420) ~[browsermob-dist-2.1.5.jar:?]
	at io.netty.util.concurrent.DefaultPromise.addListener(DefaultPromise.java:163) ~[browsermob-dist-2.1.5.jar:?]
	at io.netty.channel.DefaultChannelPromise.addListener(DefaultChannelPromise.java:93) ~[browsermob-dist-2.1.5.jar:?]
	at io.netty.channel.DefaultChannelPromise.addListener(DefaultChannelPromise.java:28) ~[browsermob-dist-2.1.5.jar:?]
	at org.littleshoot.proxy.impl.ConnectionFlow.doProcessCurrentStep(ConnectionFlow.java:140) ~[browsermob-dist-2.1.5.jar:?]
	at org.littleshoot.proxy.impl.ConnectionFlow.access$000(ConnectionFlow.java:14) ~[browsermob-dist-2.1.5.jar:?]
	at org.littleshoot.proxy.impl.ConnectionFlow$1.run(ConnectionFlow.java:124) ~[browsermob-dist-2.1.5.jar:?]
	at io.netty.util.concurrent.PromiseTask$RunnableAdapter.call(PromiseTask.java:38) ~[browsermob-dist-2.1.5.jar:?]
	at io.netty.util.concurrent.PromiseTask.run(PromiseTask.java:73) ~[browsermob-dist-2.1.5.jar:?]
	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:163) ~[browsermob-dist-2.1.5.jar:?]
	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:403) ~[browsermob-dist-2.1.5.jar:?]
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:463) ~[browsermob-dist-2.1.5.jar:?]
	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) ~[browsermob-dist-2.1.5.jar:?]
	at java.lang.Thread.run(Thread.java:829) ~[?:?]
Caused by: com.google.common.util.concurrent.UncheckedExecutionException: net.lightbody.bmp.mitm.exception.ImportException: Unable to read PEM-encoded data from file: certificate.cer
	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2213) ~[browsermob-dist-2.1.5.jar:?]
	at com.google.common.cache.LocalCache.get(LocalCache.java:4053) ~[browsermob-dist-2.1.5.jar:?]
	at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4899) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.getHostnameImpersonatingSslContext(ImpersonatingMitmManager.java:242) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.clientSslEngineFor(ImpersonatingMitmManager.java:223) ~[browsermob-dist-2.1.5.jar:?]
	... 22 more
Caused by: net.lightbody.bmp.mitm.exception.ImportException: Unable to read PEM-encoded data from file: certificate.cer
	at net.lightbody.bmp.mitm.util.EncryptionUtil.readPemStringFromFile(EncryptionUtil.java:109) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.PemFileCertificateSource.loadCertificateAndKeyFiles(PemFileCertificateSource.java:75) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.PemFileCertificateSource.access$0(PemFileCertificateSource.java:62) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.PemFileCertificateSource$1.get(PemFileCertificateSource.java:32) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.PemFileCertificateSource$1.get(PemFileCertificateSource.java:1) ~[browsermob-dist-2.1.5.jar:?]
	at com.google.common.base.Suppliers$NonSerializableMemoizingSupplier.get(Suppliers.java:160) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.PemFileCertificateSource.load(PemFileCertificateSource.java:59) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager$2.get(ImpersonatingMitmManager.java:124) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager$2.get(ImpersonatingMitmManager.java:1) ~[browsermob-dist-2.1.5.jar:?]
	at com.google.common.base.Suppliers$NonSerializableMemoizingSupplier.get(Suppliers.java:160) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.createImpersonatingSslContext(ImpersonatingMitmManager.java:291) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.createImpersonatingSslContext(ImpersonatingMitmManager.java:271) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.access$3(ImpersonatingMitmManager.java:264) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager$3.call(ImpersonatingMitmManager.java:245) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager$3.call(ImpersonatingMitmManager.java:1) ~[browsermob-dist-2.1.5.jar:?]
	at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4904) ~[browsermob-dist-2.1.5.jar:?]
	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3627) ~[browsermob-dist-2.1.5.jar:?]
	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2335) ~[browsermob-dist-2.1.5.jar:?]
	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2294) ~[browsermob-dist-2.1.5.jar:?]
	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2207) ~[browsermob-dist-2.1.5.jar:?]
	at com.google.common.cache.LocalCache.get(LocalCache.java:4053) ~[browsermob-dist-2.1.5.jar:?]
	at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4899) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.getHostnameImpersonatingSslContext(ImpersonatingMitmManager.java:242) ~[browsermob-dist-2.1.5.jar:?]
	at net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.clientSslEngineFor(ImpersonatingMitmManager.java:223) ~[browsermob-dist-2.1.5.jar:?]
	... 22 more

edschindler avatar Jan 20 '25 13:01 edschindler
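Added example (not code from this thread or from the browsermob-proxy project): a standard-library Python check that lists every `.cer` entry embedded in a jar, reports whether it is PEM or DER encoded, and flags it if its notAfter date has passed, which is the question raised above about which certificate a given build actually carries. It assumes the certificates live in jar entries ending in `.cer`; the sample jar, its entry name and its dates are constructed, and the DER walk reads only the validity field without verifying signatures.

```python
import base64, io, re, zipfile
from datetime import datetime, timezone
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """Return the notAfter field of a DER X.509 certificate as a UTC datetime."""
    _, pos, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)          # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                         # optional [0] version
        pos = end
    for _ in range(3):                      # skip serialNumber, signature, issuer
        _, _, pos = read_tlv(der, pos)
    _, pos, _ = read_tlv(der, pos)          # validity SEQUENCE
    _, _, pos = read_tlv(der, pos)          # skip notBefore
    tag, start, end = read_tlv(der, pos)    # notAfter: UTCTime (0x17) or GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(der[start:end].decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def audit_jar(jar, now):
    """Map each .cer entry in a jar (path or file object) to (encoding, notAfter, expired)."""
    report = {}
    with zipfile.ZipFile(jar) as zf:
        for name in (n for n in zf.namelist() if n.lower().endswith(".cer")):
            raw = zf.read(name)
            m = PEM_RE.search(raw)
            expiry = not_after(base64.b64decode(m.group(1)) if m else raw)
            report[name] = ("PEM" if m else "DER", expiry, expiry < now)
    return report

def sample_jar(not_after_utc):
    """Constructed input: a jar with one skeletal PEM certificate (TBS fields up to validity)."""
    der = lambda tag, body: bytes([tag, len(body)]) + body  # short-form lengths only
    validity = der(0x30, der(0x17, b"150101000000Z") + der(0x17, not_after_utc))
    tbs = der(0x30, der(0x02, b"\x01") + der(0x30, b"") + der(0x30, b"") + validity)
    pem = b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der(0x30, tbs)) + b"\n-----END CERTIFICATE-----\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sslSupport/ca-certificate-rsa.cer", pem)
    return buf

if __name__ == "__main__":
    print(audit_jar(sample_jar(b"200101000000Z"), datetime.now(timezone.utc)))
```

Against a real build, pass the jar's path (for example the `browsermob-dist-2.1.5.jar` named in the stack trace) as the first argument instead of `sample_jar(...)`.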