[Privoxy-devel] Server certificate verification failed

Lee ler762 at gmail.com
Mon Jan 25 09:22:04 UTC 2021 

On 1/25/21, Hớ Hờ Hợ <kjllmeplz at gmail.com> wrote:
> You need to add this cert to your trustedCAs.pem file manually .

But why?  I haven't had this problem with any other site.

https://curl.se/docs/caextract.html
says it's the Mozilla CA certificate store in PEM format.  Firefox
doesn't complain about the cert if I don't have privoxy playing https
man-in-the-middle, so if Privoxy is using the Mozilla cert store, why
is it complaining about the cert?

> In your case,

That's what I'm wondering.  Is it just me or does everybody else see
the same thing?

If it's just me I'll have to figure out what I did wrong.
If it's everybody, what's special about this site/cert that it
validates in Firefox but doesn't validate with Privoxy?

Thanks
Lee

> Vào Th 2, 25 thg 1, 2021 vào lúc 03:08 Lee <ler762 at gmail.com> đã viết:
>
>> With https-inspection enabled, I get a certificate error for
>> https://www.theworld.com/
>>
>> Server certificate verification failed
>>
>> Privoxy was unable to securely connect to the destination server.
>>
>> Reason: The certificate is not correctly signed by the trusted CA
>>
>> cert. version     : 3
>> serial number     : 25:C2:BE:2B:17:49:94:87:F1:B7:18:90:B4:68:04:F3
>> issuer name       : C=GB, ST=Greater Manchester, L=Salford, O=Sectigo
>> Limited, CN=Sectigo RSA Organization Validation Secure Server CA
>> subject name      : C=US, postalCode=02135, ST=Massachusetts,
>> L=BOSTON, ??=696 WASHINGTON ST, O=STD INC, CN=*.theworld.com
>> issued  on        : 2020-09-08 00:00:00
>> expires on        : 2021-09-09 23:59:59
>> signed using      : RSA with SHA-256
>> RSA key size      : 2048 bits
>> basic constraints : CA=false
>> subject alt name  : *.theworld.com, theworld.com
>> key usage         : Digital Signature, Key Encipherment
>> ext key usage     : TLS Web Server Authentication, TLS Web Client
>> Authentication
>>
>>
>> hrmm... my trustedCAs.pem is kind of old, so get a new copy from
>> https://curl.se/ca/cacert.pem
>> .. site is still untrusted
>> restart privoxy
>> .. site is still untrusted
>> add this to my user.action
>>
>> { -https-inspection }
>> .theworld.com/
>>
>> and no problems connecting using firefox.
>>
>> Anyone else have this problem?
>>
>> Thanks
>> Lee

More information about the Privoxy-devel mailing list