barnacs / compy

HTTP/HTTPS compression proxy
ISC License

Add Chrome and Firefox client side instructions #24

Open gaul opened 6 years ago

gaul commented 6 years ago

Configuring the SSL certificates can confuse users. The README or wiki should have detailed instructions for how to establish both SSL trust to compy and the CA trust for MitM.

Dunuin commented 6 years ago

Would like to see that too. I created both certificates with...

openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -days 3650 -subj '/CN=192.168.42.5>'
openssl req -x509 -newkey rsa:2048 -nodes -keyout cert.key -out cert.crt -days 3650 -subj '/CN=<192.168.42.5>'

...and added those certs to Chrome and Firefox, but the browser only throws out an "ERR_PROXY_CERTIFICATE_INVALID" and compy

2018/04/20 02:43:15 http: TLS handshake error from 192.168.42.6:53461: tls: oversized record received with length 20037
2018/04/20 02:43:16 http: TLS handshake error from 192.168.42.6:53462: tls: first record does not look like a TLS handshake

Is it wrong to use a local IP? I also got a letsencrypt cert for the Apache on the same machine, but I just want to access the proxy from inside my LAN (and VPN) and not with my DynDNS.
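The two log lines in the comment above can be reproduced by reading the first five bytes of a connection as a TLS record header, which is what a TLS listener does before anything else. This is an added example, not part of the thread or of compy; the size limit is modelled on Go's crypto/tls and the sample requests are constructed. It shows that a plaintext `CONNECT` request decodes to exactly the length 20037 seen in the log.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Largest record length accepted before the connection is rejected. The value
// is modelled on Go's crypto/tls and is an assumption of this example.
const maxCiphertext = 16384 + 2048

// Header splits the first five bytes the way a TLS listener does:
// 1 byte content type, 2 bytes version, 2 bytes big-endian length.
func Header(b []byte) (typ byte, vers uint16, length int) {
	return b[0], binary.BigEndian.Uint16(b[1:3]), int(binary.BigEndian.Uint16(b[3:5]))
}

// Diagnose returns the complaint a TLS listener would log for the first bytes
// of a connection, or "plausible TLS record" if they pass both checks.
func Diagnose(first []byte) string {
	if len(first) < 5 {
		return "short read"
	}
	typ, vers, length := Header(first)
	if length > maxCiphertext {
		return fmt.Sprintf("oversized record received with length %d", length)
	}
	// 0x16 = handshake, 0x15 = alert; real TLS versions are 0x03xx.
	if (typ != 0x16 && typ != 0x15) || vers >= 0x1000 {
		return "first record does not look like a TLS handshake"
	}
	return "plausible TLS record"
}

func main() {
	// Constructed samples: two plaintext proxy requests and a ClientHello header.
	samples := [][]byte{
		[]byte("CONNECT example.com:443 HTTP/1.1\r\n"),
		[]byte("GET http://example.com/ HTTP/1.1\r\n"),
		{0x16, 0x03, 0x01, 0x02, 0x00, 0x01},
	}
	for _, s := range samples {
		fmt.Printf("%-9q -> %s\n", s[:5], Diagnose(s))
	}
}
```

Seeing either message on the proxy side is a sign that the client spoke plain HTTP to the TLS port, which is a separate question from whether the certificate is trusted.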

Dunuin commented 6 years ago

Did I do something wrong, or is HTTPS really not supported by golang's Transport.Proxy? See https://go-review.googlesource.com/c/go/+/66010

I also read modern browsers don't trust self-signed certs anymore and if you want to use a browser on Android to connect to compy you need to compile one yourself. See https://forum.xda-developers.com/android/software/guide-creating-firefox-data-saver-proxy-t3773634

Any hints how to get compy working?

amthe commented 5 years ago

Love this project! But I don’t get where to put which cert either. I am on Ubuntu. Help

amthe commented 5 years ago

I would write up some more detailed instructions and close this issue for some help to get started. Thanks!

barnacs commented 5 years ago

> But I don’t get where to put which cert either

The one you use with the -cert option (for SSL connection between your browser and the proxy), you simply need your browser to trust it. You can either use a cert issued by a certificate authority trusted by your browser by default, or if you use a self-signed one, you can just visit the proxy URL via HTTPS (e.g. https://example.com:9999) and the browser should give you a warning with an option to permanently trust the cert. Alternatively, in Firefox, you can go to "about:preferences#privacy", at the bottom click the button "View Certificates", this should bring up the "certificate manager". Go to the "Servers" tab, click the "Add Exception" button, for the location set your proxy URL (e.g. https://example.com:9999), click "Get Certificate", make sure "Permanently store this exception" is ticked, confirm.

For the mitm cert (-ca option), you need your browser to trust this one as a Certificate Authority. In the Firefox "certificate manager", select the "Authorities" tab, click the "Import..." button and locate your certificate.

I don't know about any other browsers but this hopefully gives you some idea what to look for.