Threaded Mode | Linear Mode

***ProxRocks*** · Sep. 24, 2008, 11:17 AM

(EDIT: Thread moved to General Security forum, it doesn't deal with filters, not even "Others".)

see here:
http://tech.groups.yahoo.com/group/prox-...sage/24003

new proxcert.pem good 9/23/08 thru 9/23/2009...

43unite · Sep. 24, 2008, 03:04 PM

Got it. Thank you for the heads-up!

Oddysey · Sep. 24, 2008, 06:26 PM

ProxRocks;

Thanks, but that site requires a log-in.......

Any other sites that have the new cert, without the attendent BS?

Oddysey

43unite · Sep. 24, 2008, 08:36 PM

I've uploaded
.zip

proxcert_20080923.zip (Size: 1.39 KB / Downloads: 1088) the proxcert_20080923.zip file that I obtained from the above link.

Oddysey · Sep. 29, 2008, 03:10 AM

43;

Quote:I've uploaded the proxcert_20080923.zip file that I obtained from the above link.

Thanks! Got it just fine, ready to install it when my current one runs out. (It's good until sometime in October, if I recall correctly. Confused

)

Oddysey

***ProxRocks*** · Nov. 24, 2008, 03:52 PM

i've never worried too much about "proxcert.pem", i can always "roll my own" from instructions on sidki's site...

now then, what about "certs.pem", i'm curious how i/we go about creating our own one of those...

sidki walked me through it on e-mail once, but now we are sidki-less - i'm still going through the archives to see if i saved that e-mail [odds are high, but it's also a needle in a haystack]...

has anyone here ever created their own "certs.pem"?

Graycode · Nov. 24, 2008, 05:57 PM

(Nov. 24, 2008 03:52 PM)ProxRocks Wrote: now then, what about "certs.pem", i'm curious how i/we go about creating our own one of those...

That's in the Proxo 4.5 /Docs/ReadMe.txt where it says "First extract the ones to convert..."

***ProxRocks*** · Nov. 24, 2008, 07:42 PM

update: 'tis NOT as "cut-and-dry" as the ReadMe makes it out to be (errors on some SSL sites with self-created .pem's made per ReadMe "instructions")...

so again i enquire, has anyone had any success in creating their own certs.pem?

***z12*** · Nov. 24, 2008, 10:10 PM

ProxRocks Wrote:so again i enquire, has anyone had any success in creating their own certs.pem?

Haven't tried to yet.

ProxRocks Wrote:'tis NOT as "cut-and-dry" as the ReadMe makes it out to be

Did you cross your fingers, as per the instructions? Smile!

z12

***ProxRocks*** · Nov. 24, 2008, 10:54 PM

lol, yep, sure did...

i'm 99.9% positive that sidki had e-mailed me a step-by-step that resulted in a 100% functioning output...

and it didn't require any crossed fingers, lol...

i guess my "concern" is that Windows Update issued a November 2008 Root Certificates Update, so "technically", certs.pem is officially "out-dated" (i'm thinking there was a September Root Cert. Update also, don't recall offhand)...

doesn't mean we "need" a newer certs.pem, but it does ponder the thought that "someday" we will... and that i'd prefer to know how to create it BEFORE that day arrives Big Teeth

Graycode · Nov. 25, 2008, 05:38 AM

I'm curious what the problem is. Did your new certs.pem file work for some sites but not for others?

***ProxRocks*** · Nov. 25, 2008, 10:20 AM

correct, i was able to surf around on four or five of my secure sites, but one popped up a certificate warning asking to "allow", "allow for session", or "deny"...

Graycode · Nov. 25, 2008, 09:15 PM

The use of Intermediate CA may have grown since Proxo was last built. I wonder if doing the same process with the Intermediate CA as you did with the Root CA could fix your issues. Append the PEM file created from the Intermediate onto the back of the certs.pem that you already have.

Technically, I think each Intermediate is chained either to another Intermediate or to a trusted Root CA. If chained to another Intermediate then eventually that chain must find its way to a trusted Root. I think I remember reading somewhere there was somewhat recent OpenSSL changes on how that trust determination is invoked, maybe those changes were after Proxo.

What versions of LibEay32 and SslEay32 are you using in Proxo? That may have a bearing on things.

Hopefully someone else will have some better ideas for you.

***ProxRocks*** · Nov. 26, 2008, 05:24 PM

my .dll's are 0.9.8 dated 9/26/2006...

so that brings another question, the "current" files are 0.9.8i dated 9/15/2008...

so i'm growing increasingly curious as to how we can update Proxo's cert-related files without someone like sidki around...

Graycode · Nov. 26, 2008, 08:01 PM

You probably got that modified version 0.9.8 dated 9/26/2006 from Sidki's site. In the same zip that contained those DLL's is a file "openssl-readme.txt", which is attached to this post. It mentions incompatibility between what Proxo coded for in 0.9.6 vs. newer OpenSSL versions.

Your problem may or may not be related to that. It could be something with an Intermediate CA, or your new certs.pem excluded one of the needed Root CA, or it could be a lot of other things.

If you mention the https site(s) that failed maybe it would clue someone else more familiar with the issues.