Getting certificate errors when using ProxHTTPSProxy

[CarCrasher730]

Describe the bug When using ProxHTTPSProxy and Supermium together, I get the invalid certificate error or website is unsafe but when I close ProxHTTPSProxy, it will work fine.

To Reproduce Steps to reproduce the behavior:

1. Install ProxHTTPSProxy from here: (https://escargot.chat/services/messenger/forums/110002000195710/guide-using-proxhttpsproxy-on-windows-xp-vista-to-avoid-messenger-errors/)
2. Install Supermium
3. Run ProxHTTPSProxy
4. Run Supermium and browse to any site

Screenshots

Desktop (please complete the following information):

• OS: Windows XP Professional SP3 32bit
• 32bit version of the browser

[IDA-RE-things]

Is such ProxHTTPSProxy working with other browsers for you ? I dont think this is a browser problem.

Also try to use "--ignore-certificate-errors" switch. I always use it.

Also try to google such "ERR_CERT_AUTHORITY_INVALID" error.

[CarCrasher730]

It is working fine with other browsers like mypal and the original google chrome. But I will try that switch then.

[IDA-RE-things]

Ok. which version of "original google chrome" ? Older versions of it was more tolerant to such errors, but recent more nagging to it.

ProxHTTPSProxy is a Proxomitron-based proxy as I know. I'm using just Proxomitron , but patched by me to improve such certificates handling and to use updated open-ssl libs as I remember. And ProxHTTPSProxy as I understand do same, but in another way. I also got this ERR_CERT_AUTHORITY_INVALID error before. Then created right certificate, and so on..

I think MyPal also ignores it.

[CarCrasher730]

Im using the last supported version of chrome for windows xp you get from the google chrome website and well other browsers like firefox, opera and IE also seem to work fine

[Stepman123]

Did you forget to install the certificate? Install on the system, for Chromium and other programs. For Firefox, in Firefox settings.

[JoachimHenze]

If --ignore-certificate-errors didn't help you already, you could try to update your root certificates for Windows XP. That doesn't happen automatically anymore on WinXP/2k3 since MS stopped updating them with their AutoUpdates. But there are some nice 3rd party tools available that can do the job, e.g.: CA Roots Update.zip In the archive are 3 different tools. I do typically use the topmost named "autorootsupdate" you can also find a few links where I got that stuff from, in case you prefer to download it yourself from the source.

In some rare cases such issues can also be caused by your computers clock being async to an atomic clock. So you can try tweaking your clocks setting next. But I would start with the roots CA update from the zips first.

But yes, if you use ProxHTTPSProxy, then you must make sure that the proxy itself is trusted by your OS (e.g. by installing a cert for it), otherwise it's actually the browsers job to warn you. You will have to suppress the warning if you can't make the proxy trusted. It interferes with the end-to-end-approach.

Please give feedback what helped you ultimately @CarCrasher730

[Stepman123]

If you use this program but have not installed the certificate, then all browsers should show an error. Otherwise, your browser is not secure.

[IDA-RE-things]

following info wiil be not only for you, of course, but also for other people, having same problems.

---

You can examine the sertificate by clicking there on the top of page: It will give us and your all requered information.

It looks like you dont installed ProxHTTPSProxy secrtificate as Trusted Root Authority. (under IE options, or control panel "Internet options")

Also read this (Install section): https://github.com/wheever/ProxHTTPSProxyMII

---

Updating of system certificates will not help in our case, because ProxHTTPSProxy changes all incoming certificates to its own.

But its very strange that IE shows HTTPS sites throuth that proxy without it, as you say. IE 8 dont allow me to do this. Which IE you are using ?

---

[CarCrasher730]

I have installed the certificate through ProxHTTPS Cert Install and manually (the included CA.crt is what im refering to) and I checked to see if it is in Trusted Root Authority and it was there, so I reinstalled it again it made no difference. Altough I got firefox to work at first with setting it to use No Proxy which means it wont use ProxHTTPSProxy but If I set it to use system proxy settings it will also give me a unsafe site error but If I install the ProxHTTPSProxy certificate for Firefox and set it back to using system proxy settings the errors go away and with mypal it doesnt seem to be affected by it because if i set it to no proxy or use system proxy settings and or even install the certificate nothing happens but seems like it doesnt use ProxHTTPSProxy's certificates. Using --ignore-certificate-errors seems to work fine for the most part altough some sites with cloudflare will block the browser and the date on the computer should be correct I have synced it with the host computer and in Windows XP manually as well and also im using Windows XP in a vm. Also I did update root certificates using this (i did this before installing supermium or proxhttpsproxy) https://msfn.org/board/topic/175170-root-certificates-and-revoked-certificates-for-windows-xp/page/3/ One more thing I noticed is regular Chrome seems to have no issue with ProxHTTPSProxy but Supermium gives me an error, I did try installing certificates in Supermium and regular Chrome but they open up the same certificates tab from internet options but I still installed it anyway with no change for both of them. I think the certificate is installed correctly since IE and Opera show as using the certificates but they dont give any errors. And my IE8 version is this The versions of the browsers I used are: Firefox ESR 52.9.0 (32-bit), Google Chrome Version 49.0.2623.112 (32-bit), Mypal 68.13.7b (32-bit) and Opera 36.0.2130.80 (32-bit). Also heres the info Supermium gives in the certificate error page: I may also note that im using the unofficial SP4 updates and POSReady registry hack to get access to more updates with legacyupdate and ive also added TLS 1.1 and 1.2 into the internet options using this guide https://www.emailarchitect.net/easendmail/sdk/html/object_tls12.htm and I have all of these enabled

[CarCrasher730]

Oh and here is to show the certificate as being installed

[IDA-RE-things]

Ok, I saw..

In this case, what is displayed on Security tab in Page Inspector?, may be we will see additional errors or info like below.

Because you are using old versions of Google Chrome/ IE8 and others (available for XP), They are not so nagging to it. But for example, 360Chrome (v10.x, v11.x), based on more latest Chromum ver, will do same as Supermium do now. (its appeared for me in the past in 360Chrome).

Below are screenshot from Supermium, if I turn it to use Proxomitron directly.

[CarCrasher730]

This is what it shows for me in Supermium if I look in the security tab

[Stepman123]

It is possible that the problem is in an outdated version. I see TLS 1.2, as well as a certificate up to 2025. Another version should have up to 2032, TLS 1.3. Supermium works fine for me with this version. https://msfn.org/board/topic/183352-proxhttpsproxy-and-httpsproxy-in-windows-xp-for-future-use/ The link from msfm is still working: https://www.mediafire.com/file/1fd0ezzpuy7qctu/ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3.7z/file

Mypal68 ignores the system proxy settings option.

[CarCrasher730]

Thanks that fixed it, I had a outdated version of ProxHTTPSProxy and after uninstalling the old one and installing the new one you linked I longer get the certificates error.

[JoachimHenze]

Great, we should close the ticket as resolved then. To keep the bugtracker tidy.