Bug 378637 - Add support for connecting to HTTP proxy over HTTPS

∟Reference Citations in 2015

∟Bug 378637 - Add support for connecting to HTTP proxy over HTTPS

'Importing CA Certificate into Firefox' tutorial was cited in a Bugzilla@Mozilla bug discussion in 2015.

The Importing CA Certificate into Firefox tutorial was cited in a Bugzilla@Mozilla bug discussion in 2015.

Subject: Bug 378637 - Add support for connecting to HTTP proxy over HTTPS
Date: Mar 13, 2015
Author: Patrick McManus
Source: https://bugzilla.mozilla.org/show_bug.cgi?id=378637

>@Xander D Harkness,
>
>I tried the same as you instructed, but without any luck. The ssl
>proxy does not work for me.
>
>I’m using squid-3.4.10, configured below:
>http_port 8080
>https_port 8443 cert=/path/to/cert.pem
>
>When I set my chrome to connect to port 8080, it works. but when I
>used 8443 the https_port, it does not. The error is below:

...

toddy.sun - it sounds like your proxy has an invalid cert according
to your trust list. you've got at least 3 choices

1] add CA signing cert used to create the proxy cert to your root
store.. there are lots of tutorials for this on the web
(https://www.herongyang.com/Cryptography/Web-Browser-Firefox-Import-CA-
Certificate.html)

2] get yourself a cert firefox considers valid by default.
startssl.com will do that for you for free.

3] you can do a TOFU exception for the proxy case, but you have to
do it a little differently.

 a] turn off the proxy use in firefox.

 b] put https://PROXYNAME:PROXYPORT/ in the location bar (use the
    same name and port number as you have configured in the PAC - you
    can't use ip addresses or default ports.. you can't use ip
    addresses because they can't be verified by the PKI and exceptions
    are stored per port.

 c] override the cert warning and perm. store the exception. The
    response you get will be meaningless as you are now addressing the
    proxy port as if it was an endpoint

 d] turn the proxy back on and use it.