GoAgent Import CAEn
For https websites, GoAgent obtains the content through the GAE service, and then re-encrypts it and returns it to the browser. So the certificate for https has to be regenerated.
The browser needs to import GoAgent's certificate, otherwise it will encounter Certificate Error.
- CA status: Fail is not necessarily a certificate error, it may be a browser cache problem.
- Chrome: Ctrl + F5; Other browsers: [Bypass browser cache](https://zh.wikipedia.org/wiki/Help:%E7%BB%95%E8%BF%87%E6%B5%8F%E8%A7%88 %E5%99%A8%E7%BC%93%E5%AD%98)
Path to GoAgent certificate: After the first startup, the data\gae_proxy\CA.crt certificate will be generated. Under normal circumstances, XX-Net will import the certificate into the browser, if the browser has been started, please try to restart the browser.
In some cases, the import fails (for example, the Firefox browser under the windows system, for example, nss3-tools is not installed on linux), and the certificate needs to be imported manually.
The certificate of PHP_proxy is independent. Under data\php_proxy, if you use PHP and prompt a certificate question, please also import the certificate of PHP_proxy.
- If there is a problem with the automatic import, open the XX-Net folder, find the "CA.crt" certificate in the data\gae_proxy directory, and double-click to open it
- Install the certificate
- Next step
- Select "Place all certificates in the following store" - Browse
- Select "Trusted Root Certification Authorities"
- Click OK to finish. You may need to restart your browser or operating system.
- If there is a problem with the automatic import, you can use manual import for the Chrome browser.
- Click on the "settings" option of the browser
- Select "Manage Certification" under the "HTTP/SSL" option
- Select "Authorities", click "Import", go to the XX-Net decompression folder, find the "CA.crt" certificate in the GoAgent\Data\GoAgent directory, and import it.
sudo trust anchor --store /opt/XX-Net/data/gae_proxy/CA.crtcreate folder
mkdir -p ~/.pki/nssdb
Manually import the certificate into the database
certutil -d sql:. -A -t "C,," -n "GoAgent XX-Net - GoAgent" -i "/pathto/CA.crt"
If it fails, you can try to change the password of the certificate database, which can be changed to empty
modutil -changepw "NSS Certificate DB" -dbdir ~/.pki/nssdb
View certificate:
certutil -L -d sql:~/.pki/nssdb
To delete a certificate:
certutil -d sql:~/.pki/nssdb -D -n "GoAgent XX-Net - GoAgent"
- Open Settings - System Security - Install Credentials (Certificates) from SD Card.
- Enter XX-Net/data/gae_proxy in sequence, select CA.crt under this directory, enter any name, and press OK.
- If the certificate imported by the above method is invalid, you can download Root Certificate Manager and use this software to import the certificate into the system
Note: The Ios mobile terminal can only install the certificate by opening the CA.crt attached to the email through the built-in email program. It has been verified that the attached CA.crt cannot be opened when the browser logs in to the mailbox.
- Log in to the mailbox on other devices (PC), and send CA.crt as an attachment to other mailboxes. CA.crt address: XX-Net/data/gae_proxy/CA.crt.
- In the IPAD/IPHONE "mail" program, set the account as the email account in the first step, and wait for the automatic synchronization of emails to the local.
- Find the email sent in the first step, click the attachment, and the installation will be prompted automatically. You need to enter the IPAD/IPHONE password, and the installation will be successful after confirmation.
Firefox (Firefox) browser: For detailed graphic and text guidance, see Use Firefox browser#Manually import certificates.
Chrome (Google) browser: For detailed graphic and text guidance, see Use Chrome browser#Manually import certificates.
General steps:
- Click the menu button of the browser (usually in the upper right corner), and find the "Preferences" or "Settings" of the browser
- Find the settings related to "Certificate" or "Security" (may be hidden in the "Advanced" tab), click "View Certificate", select "Certificate Authority" in the certificate manager, and click "Import".
- In the XX-Net folder, find the "CA.crt" certificate in the data\gae_proxy directory and import it.
- In the pop-up window, select "Trust websites identified by this CA" and confirm.
- Try to access https://www.google.com/ or https://www.facebook.com/ to check whether the certificate is imported successfully.
In Unix and GNU/Linux, most HTTP applications support calling environment variables http_proxy and https_proxy for proxying. In addition, there is no uniform standard for the case of the environment variable, and some programs only support environment variables in all uppercase. So for convenience, just add the following in ~/.bash_profile or ~/.zshenv: export http_proxy=http://127.0.0.1:8087/ export https_proxy=$http_proxy export HTTP_PROXY=$http_proxy export HTTPS_PROXY=$HTTP_PROXY
Then execute the following command to import the certificate, taking archlinux as an example:
ln -s /opt/XX-Net/data/gae_proxy/CA.crt /etc/ca-certificates/trust-source/anchors/GoAgent.crt
trust extract-compat