Error 136 (net::ERR_PROXY_CERTIFICATE_INVALID): Unknown error. #6

Closed
ccp999 opened this Issue Sep 17, 2012 · 12 comments

Projects

None yet

6 participants

@ccp999
ccp999 commented Sep 17, 2012

Hi,

I can't follow your demo to setup my local spdyproxy working on osx.

I already have my certificate in my keychain being trusted. Node is 0.8.9.

spdyproxy running:

spdyproxy -k mykey.pem -c mycert.pem -p 44300 -v
Started SPDY proxy, port: 44300 (v. 0.2.1)

and pac file:

function FindProxyForURL(url, host) {
return "HTTPS 127.0.0.1:44300";
}

and by running chrome, it keep showing:

iTags-MacBook-Pro:~ ccp999$ "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --proxy-pac-url=file://sers/ccp999/config.pac --use-npn
Sep 17 13:58:15 iTags-MacBook-Pro.local Google Chrome Helper[7092] : CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1100)
Sep 17 13:58:21 iTags-MacBook-Pro.local Google Chrome Helper[7103] : CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1100)

and when browsing anything: Chrome shows

Error 136 (net::ERR_PROXY_CERTIFICATE_INVALID): Unknown error.

what is wrong?

Thanks in advance!

Brendan

@igrigorik
Owner

Unfortunately, I can't say from that error.. It means Chrome rejected the certificate. If you signed your certificate for "localhost", then make sure you access it as such. If the cert is signed for a specific domain, then you must access the proxy through that domain.

@ccp999
ccp999 commented Sep 17, 2012

I used the command you provided:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mykey.pem -out mycert.pem

I didn't specify any hostname or localhost ..etc. what should I put in?
I tried both 'localhost' and 127.0.0.1 and didn't work.

@igrigorik
Owner

Instead of generating the certificate, have you tried using the provided sample certs? Import those into your keychain and make sure that they work without errors.

@cyrus-and

Same issue; here's what I've done:

$ git clone git://github.com/igrigorik/node-spdyproxy.git
$ cd node-spdyproxy/
$ npm install
$ bin/spdyproxy -k keys/mykey.pem -c keys/mycert.pem -p 44300 &
$ google-chrome --proxy-pac-url=file:///home/cyrus/repos/node-spdyproxy/pac/secure-browsing.pac --use-npm

Any ideas?

@igrigorik
Owner

You may need to regenerate the certificate (it may have expired), and make sure that the specified hostname matches the name you're accessing it through. See instructions in the readme for how to generate the cert.

@cyrus-and

Ok, tried with:

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mykey.pem -out mycert.pem
$ bin/spdyproxy -k mykey.pem -c mycert.pem -p 44300

Same as above.

and make sure that the specified hostname matches the name you're accessing it through

What do you mean with that? The only place where I see localhost is the bundled secure-browsing.pac (tried with 127.0.0.1 too).

@peteroconnor

My experience is that you have to set the Common Name correctly, in order for Chrome to accept a self-signed certificate.

@cyrus-and

@peteroconnor, I tried to put localhost in there; same as above.

Chrome usually shows me the red warning page for others self-signed certs, but that's not the case.

Edit: The issue persists even using an existing cert that surely works with nginx.

@peteroconnor

I haven't tried "localhost", but I self-signed an ip address and it worked.

The ssl icon in Chrome has to be green, not a crossed lock.

Of course, I have to open with safari to add the certificate to the keychain first.

在 2012年10月12日,上午2:56,Andrea Cardaci notifications@github.com 写道:

@peteroconnor, I tried to put localhost in there; same as above.

Chrome usually shows me the red warning page for others self-signed certs, but that's not the case.


Reply to this email directly or view it on GitHub.

@cyrus-and

OK, the tricky part was adding the certificate to Chrome, here's how I solved:

certutil -d "sql:$HOME/.pki/nssdb" -A -n dummy -i certificate.pem -t C

It may be useful adding it to the readme IMHO.

@bhyde
bhyde commented Mar 8, 2013

Setting the Common Name to the host name of the proxy server fix this problem for me.

@igrigorik igrigorik closed this Mar 23, 2013
@booxood
booxood commented Nov 2, 2014

Occasionally appear this problem,a little puzzling...
Have similar?
Can solution?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment