Reference Citations - HerongYang.com - v2.91, by Dr. Herong Yang
Bug 378637 - Add support for connecting to HTTP proxy over HTTPS
'Importing CA Certificate into Firefox' tutorial was cited in a Bugzilla@Mozilla bug discussion in 2015.
The Importing CA Certificate into Firefox tutorial was cited in a Bugzilla@Mozilla bug discussion in 2015.
Subject: Bug 378637 - Add support for connecting to HTTP proxy over HTTPS Date: Mar 13, 2015 Author: Patrick McManus Source: https://bugzilla.mozilla.org/show_bug.cgi?id=378637 >@Xander D Harkness, > >I tried the same as you instructed, but without any luck. The ssl >proxy does not work for me. > >I’m using squid-3.4.10, configured below: >http_port 8080 >https_port 8443 cert=/path/to/cert.pem > >When I set my chrome to connect to port 8080, it works. but when I >used 8443 the https_port, it does not. The error is below: ... toddy.sun - it sounds like your proxy has an invalid cert according to your trust list. you've got at least 3 choices 1] add CA signing cert used to create the proxy cert to your root store.. there are lots of tutorials for this on the web (http://www.herongyang.com/Cryptography/Web-Browser-Firefox-Import-CA- Certificate.html) 2] get yourself a cert firefox considers valid by default. startssl.com will do that for you for free. 3] you can do a TOFU exception for the proxy case, but you have to do it a little differently. a] turn off the proxy use in firefox. b] put https://PROXYNAME:PROXYPORT/ in the location bar (use the same name and port number as you have configured in the PAC - you can't use ip addresses or default ports.. you can't use ip addresses because they can't be verified by the PKI and exceptions are stored per port. c] override the cert warning and perm. store the exception. The response you get will be meaningless as you are now addressing the proxy port as if it was an endpoint d] turn the proxy back on and use it.
Table of Contents