search

zytedata / zyte-smartproxy-headless-proxy

A complimentary proxy to help to use SPM with headless browsers
MIT License
109 stars 36 forks source link

cennot finish TLS handshake: remote error: tls: unknown certificate #25

Closed Canon88 closed 4 years ago

Canon88 commented 4 years ago

HI: I am having a problem, when I visit an http site, it has no problem. However, when I visit the https site, I get the following report error, what should I do? Can you tell me? Thank you!

WARN[0004] [192.168.199.162:61148] (4294967297): cennot finish TLS handshake: remote error: tls: unknown certificate
WARN[0004] [192.168.199.162:61150] (8589934593): cennot finish TLS handshake: remote error: tls: unknown certificate
WARN[0004] [192.168.199.162:61151] (12884901889): cennot finish TLS handshake: remote error: tls: unknown certificate
WARN[0113] [192.168.199.162:61250] (17179869185): cennot finish TLS handshake: remote error: tls: unknown certificate
WARN[0114] [192.168.199.162:61252] (21474836481): cennot finish TLS handshake: remote error: tls: unknown certificate
WARN[0114] [192.168.199.162:61253] (25769803777): cennot finish TLS handshake: remote error: tls: unknown certificate
{
    "a11yenhanced": "",
    "bad_clock": false,
    "closeDetails": "Hide advanced",
    "ct": "",
    "currentDate": "Jun 15, 2020",
    "displaycheckbox": false,
    "errorCode": "net::ERR_CERT_AUTHORITY_INVALID",
    "expirationDate": "Jun 14, 2030",
    "explanationParagraph": "This server could not prove that it is <strong>ip138.com</strong>; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.",
    "finalParagraph": "<a href=\"#\" id=\"proceed-link\">Proceed to ip138.com (unsafe)</a>",
    "fontfamily": "DejaVu Sans, Arial, sans-serif",
    "fontsize": "75%",
    "heading": "Your connection is not private",
    "hide_primary_button": false,
    "issuer": "ScrapingHub",
    "language": "en",
    "openDetails": "Advanced",
    "overridable": true,
    "pem": "-----BEGIN CERTIFICATE-----\nMIID9zCCAlygAwIBAgIVALTqTMX6/VzjyBU2FnWh/L/j61vxMA0GCSqGSIb3DQEB\nCwUAMFoxCzAJBgNVBAYTAklSMRMwEQYDVQQIDApTb21lLVN0YXRlMRQwEgYDVQQK\nDAtTY3JhcGluZ0h1YjEgMB4GA1UECwwXQ3Jhd2xlcmEgSGVhZGxlc3MgUHJveHkw\nHhcNNzAwMTAxMDAwMDAwWhcNMzAwNjE0MTYwMDAwWjAfMQkwBwYDVQQKEwAxEjAQ\nBgNVBAMTCWlwMTM4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nALzCMl1ugIgEdqZ0P2HOohb7llCAWkVx/41sZ3prFfuexUrlY70f0cWTsUNCxvAj\nVgw79AQZAIa93rMuMRejjfWFLH3hQ1X8SAX7UdnolBYf2diwqWzibj2nUvUUzIEL\nsjRl3ODCkWojspXtLcToxX8+0+mRvRO3SNfB9rh9caoDjcUO6NRJyhkPuuWf/76e\n+hxwTrsXp3M++x21h1f9b29o9glUWNUjfupyQ1nd/HX17rMaqi8TVV1z6NhXGI76\nJ2DWTihFQOIWYSmC4aRitiOSJsShjNZRC9KX9P8clQfdV83ckPLZ1ZMZvvnRy2Fv\nhHe/Kt5Ob6RBmBPNtVReIuUCAwEAAaNsMGowDgYDVR0PAQH/BAQDAgWgMBMGA1Ud\nJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUcZic0cpj\n9xPBEPWvmeohfE3FCsowFAYDVR0RBA0wC4IJaXAxMzguY29tMA0GCSqGSIb3DQEB\nCwUAA4IBhAAK3swq2Ga6i9+/YwzYjYBID2ZwNqsCJKMTHxUkxbOZT0+USH9By+0+\nfMpC5IJTYu66ncNHA2NXErE5Bt95565DBugeyjvvRTRjVsNsFC9unF2E3d1T1yE2\n+qeiiDBG0mVpvTvq4FWGnH0pThF+3Ryx5Lp8gq5JIi+WAPc2sWUHGTeQY+xk2GV6\nnIibtPprclsfAWs5BrrEniDwJIRh/jkrlbxC6I7hkyEaWMhgdLaWXULkvm09uhR7\nzQDNfA77FogE4ESK8xIDxouWZl/qtlfilobiafQ+1XFnRXDGpqeLJ2KWNMm5rUj6\nFUEcYg+EMbAGUhH708xKjBhwzGgJcS5sPD7CZn5/h3pkL1sy45vIj7glSxdd6aOK\nwl6BBRNtIy7Fx9ZI7Sz3+GHM80+pCEvjKWt16FGDcqOBvkHjxaEiBm7wz2y8hEwv\nlW3FFcXf70UwvjRjygUmFXzF4cxagaxgC2K9OcAZBQyyv3+TM5hOnrSRuZXMmNJ4\nV7qa99T9dAowko0=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIEjDCCAvGgAwIBAgIJALFJCQU3CJNhMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV\nBAYTAklSMRMwEQYDVQQIDApTb21lLVN0YXRlMRQwEgYDVQQKDAtTY3JhcGluZ0h1\nYjEgMB4GA1UECwwXQ3Jhd2xlcmEgSGVhZGxlc3MgUHJveHkwHhcNMTgwNDA1MTAz\nMjI1WhcNNDUwODIxMTAzMjI1WjBaMQswCQYDVQQGEwJJUjETMBEGA1UECAwKU29t\nZS1TdGF0ZTEUMBIGA1UECgwLU2NyYXBpbmdIdWIxIDAeBgNVBAsMF0NyYXdsZXJh\nIEhlYWRsZXNzIFByb3h5MIIBpDANBgkqhkiG9w0BAQEFAAOCAZEAMIIBjAKCAYMM\nNi6ZLBoLN6Ut+amWbI2JHN1jnkrh25HCA9HkdboEj/oN+O8xcKV0UsVBwElCz20B\nlXbUbEwmjn8a93LfTLUT0uM8Zt1AOS/kMQ1mmJ3ZDe9DWxgtbt69YUtE0RGCy5IY\nQQPmDcwvZ8EE0PHARXKNiSNJbu7FrgtWZUVT/ND2SrFkO+PQJeobGuooaEROk3Hu\nQkqqe8w063XmMhIovOnDi4FBNbxDd9n6wSV4ngyjOyqunJOJ9hy1TZweNbZnGvSi\nkeL30YOHuhy6uuoxLiCnD0QlUY37WwF884/Ozxk6InL29Fo8x5JzC3+cj7bT4hr7\nc9kW5Te3qxezYiGgE+I/7VgGZhkJY+Ff6SD9NncB7QiiKDrqUvUu5ZKtFdSRi5gL\nPX8UX6nfBEny6fm9/7NQ8FcebneLe4nLGy3iLzcUvOdS8wwbav8kutBHEGEyzFkn\n6sxu1sNWtyS4W/vUlaELszaBEjinV+d5Ittjqz1Otl84+tk2/O5Rdzp/dsnEe2vu\nGBMCAwEAAaNQME4wHQYDVR0OBBYEFHGYnNHKY/cTwRD1r5nqIXxNxQrKMB8GA1Ud\nIwQYMBaAFHGYnNHKY/cTwRD1r5nqIXxNxQrKMAwGA1UdEwQFMAMBAf8wDQYJKoZI\nhvcNAQELBQADggGEAAV4cqweWxi5PvQ44PnGs+9DG7Nj7mXcdgl8f7zu1/vGEPOz\nFD4Pd3bjAwsYg92Wd5SwjytTfAjFvgVPV6NBrUlHUaD7Bvge6mKBqY/LkGzises9\nNE8tMSjFhAIrvhtgf9LdiZ1vZeKBBkRL/ZE8eV6tvmZ643TeW9xVog2dR3GPWTJy\nnkOKaBzAf/gT3yZHFnOtZfUbBVGydy/YmqBt3Nc6RKxfSr++nDYySTxV2T1U0jcb\nnehzLgk3du96BiVmEyuBcfD1tlaY6SNHyaGIzBGdKf4QDULfCDr0px2gWeRkWS7w\nsB81yI6yLxRr+kN/zHX1oDV0ufChVHlbYHLID6wK22zN4CWwJNXXPmPXoiG9kF/Z\nCXGbAJCTiER5vO40eyY1P72NOyLyqSd6KvGW1xYAlGLEhVcry8SJ6DXun2hwFV7y\nWxuT0PYISCxxy6APrg+WdjQRMbiMxP9dNRmHnbCPzYO4A1z8Iuvz5AdJltItAjJu\nZYFeyU9HcskJWkXUCISLDQ==\n-----END CERTIFICATE-----\n",
    "primaryButtonText": "Back to safety",
    "primaryParagraph": "Attackers might be trying to steal your information from <strong>ip138.com</strong> (for example, passwords, messages, or credit cards). <a href=\"#\" id=\"learn-more-link\">Learn more</a>",
    "recurrentErrorParagraph": "Warnings may be common while websites update their security. This should improve soon.",
    "show_recurrent_error_paragraph": false,
    "subject": "ip138.com",
    "tabTitle": "Privacy error",
    "textdirection": "ltr",
    "type": "SSL"
}
dfurmanov commented 4 years ago

Same problem here

9seconds commented 4 years ago

This problem is covered in README: https://github.com/scrapinghub/crawlera-headless-proxy#tls-keys If you can't inject certificate into your browser or OS, I would ask you to disable verification of TLS certificates. Please check examples how it could be done.