Getting CERT_TRUST_REVOCATION_STATUS_UNKNOWN with BrowserMobProxyServer defaults or dynamically generated certificate #913

@joffrey-bion

I'm using the default proxy config:

BrowserMobProxyServer().start(53021)

And I extracted ca-certificate-rsa.cer from the BrowserMob resources.

Running the following curl command, I'm getting CERT_TRUST_REVOCATION_STATUS_UNKNOWN:

$ curl -v --cacert "ca-certificate-rsa.cer" -x "http://localhost:53021" "https://ip.oxylabs.io"
* Host localhost:53021 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:53021...
* CONNECT tunnel: HTTP/1.1 negotiated
* allocate connect buffer
* Establish HTTP proxy tunnel to ip.oxylabs.io:443
> CONNECT ip.oxylabs.io:443 HTTP/1.1
> Host: ip.oxylabs.io:443
> User-Agent: curl/8.10.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
< Connection: keep-alive
< Via: 1.1 browsermobproxy
<
* CONNECT phase completed
* CONNECT tunnel established, response 200
* schannel: disabled automatic use of client certificate
* schannel: added 1 certificate(s) from CA file 'ca-certificate-rsa.cer'
* schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN
* closing connection #0
curl: (60) schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.

I looked into the certificate itself using openssl x509 -in ca-certificate-rsa.cer -text -noout, and I can indeed find no revocation information (neither OCSP nor CRL Distribution Points info).

I tried to instead generate the CA certificate on the fly by following the MITM README:

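import java.io.File
import net.lightbody.bmp.BrowserMobProxy
import net.lightbody.bmp.BrowserMobProxyServer
import net.lightbody.bmp.mitm.RootCertificateGenerator
import net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager

fun main() {
    // Generate a fresh root CA and export it so the client (curl) can trust it
    val rootCertificateGenerator = RootCertificateGenerator.builder().build()
    rootCertificateGenerator.saveRootCertificateAsPemFile(File("./temp-proxy-cert.pem"))

    // Have the proxy sign its impersonated server certificates with that root CA
    val mitmManager = ImpersonatingMitmManager.builder()
        .rootCertificateSource(rootCertificateGenerator)
        .build()

    val server: BrowserMobProxy = BrowserMobProxyServer()
    server.setMitmManager(mitmManager)
    server.start(53021)
}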

But I still get the same CERT_TRUST_REVOCATION_STATUS_UNKNOWN error with curl -v --cacert temp-proxy-cert.pem -x "http://localhost:53021" "https://ip.oxylabs.io".

I'm quite a beginner with proxies. Is there something obvious that I'm doing wrong?
