Proxomitron certificate expired :( where can i get a new one?

Discussion in 'privacy technology' started by iceni60, Nov 28, 2006.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i just had a popup saying the proxomitron certificate has expired, today i think, does it really matter? i'll have a look for a new one in a while and post the url. or if anyone knows a good certificate can you post the link? thanks.
     
    Last edited: Nov 28, 2006
  2. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi ice,

    Grypen's latest SSLPack includes new certs (valid for another year): Index of /~grypen/Downloads.

    Nick
     
  3. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    great, thanks Nick :cool: i'll go and get it now. i hope you are well :)
     
  4. cerberus

    cerberus Registered Member

    Joined:
    Nov 15, 2006
    Posts:
    10
    Also

    http://www.geocities.com/sidki3003/prox-ssl.html

    includes

     
  5. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    if anyone's interested in verifying the certificate download you can do it like this if you have GPG installed -

    download SSLPack-Grypen20061121.exe and SSLPack-Grypen20061121.exe.sig

    then open a command prompt and go to the folder where you downloaded the above, then do these commands (you have to use the cd command to get the folder where you downloaded the files) it should be something like this -
    cd c:\windows\path\to\downloads

    gpg SSLPack-Grypen20061121.exe.sig this gives you the key ID - 53F79CF2

    gpg --keyserver subkeys.pgp.net --recv 53F79CF2 this imports the key

    gpg --verify SSLPack-Grypen20061121.exe.sig SSLPack-Grypen20061121.exe this verifies the *.exe

    gpg --fingerprint 53F79CF2 this shows the key is from who it says it's from.

    that's how i've always done it and i think it's the correct way :)

    i took a picture, it looks good, i don't know who Paul Lemming is though o_O
     

    Attached Files:

    Last edited: Nov 28, 2006
  6. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  7. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Last edited by a moderator: Nov 28, 2006
  8. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Re: how do you verify something with GPG and a *.sig?

    The URL doesn't exist. Anyway, it's gpg --verify signature.sig
     
  9. herbalist

    herbalist Guest

    Re: how do you verify something with GPG and a *.sig?

    Paul "Grypen" Leeming
    http://www.users.on.net/~grypen/
     
  10. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Re: how do you verify something with GPG and a *.sig?

    which url o_O this one -
    https://www.wilderssecurity.com/showthread.php?p=891575#post891575

    anyway, i tried to delete that post and start a new thread about it, mustn't of happened lol. i'm abit confused atm, i'll have to close some windows and programs i have too many things going on, i'm not sure what's happening lol i thought i was in a different thread :blink:
     
  11. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: how do you verify something with GPG and a *.sig?

    To help with your confusion....the PM sent ~ 30 minutes ago made mention of the thread you started was merged into this ongoing thread.
     
  12. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    Opera has detected problems with server's certificate:
    The server name does not match the certificate name.
    Sending sensitive infomation through this connection is not safe!


    Firefox doesn't like the new files either.
     
  13. herbalist

    herbalist Guest

    The MD5 signature of the certificate is different than the original. Since Grypen issued it, he also signed it, which changed the MD5 signature. You just need to tell your browser to accept it. If you use the "roll your own ProxCert" you can use any name you want with it, but your browser will alert on the name change and resulting signature change. There's nothing wrong with the certificate itself.
    With Sea Monkey, the alert looks like this. Firefox will be quite similar.
    http://i138.photobucket.com/albums/q277/herbalist-rick/prcert2.gif
    Clicking on "Examine Certificate" brings you to this screen.
    http://i138.photobucket.com/albums/q277/herbalist-rick/Prcert1.gif
    By selecting "Accept this certificate permanently" Your browser will accept it as valid. It could still alert you when it expects one from a different site but gets this one from Proxomitron. That's not a problem as Proxomitron also checks certificates from websites.
    With IE6, you'll see this screen with a new proxcert.pem file.
    http://i138.photobucket.com/albums/q277/herbalist-rick/PRIE2.gif
    Clicking on "View Certificate" will bring you to this screen, from which you can install the certificate.
    Opera should have some kind of similar procedure.
    http://i138.photobucket.com/albums/q277/herbalist-rick/prIE1.gif
    Once you install the new certificate, your browser will stop promting about it. This is just something Proxomitron users need to do once a year. I suggest picking up the "roll your own" script, in case a time comes when a replacement isn't available online or if you just want to use/install a certificate signed by you.
    Rick
     
  14. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    Both browsers will install it, however in the end, the https:// webpage is not encrypted. The browser message states that "www.abcdefg.com and the Proxomitron certificates do not match. This could be a security risk." Both browsers refuse to encrypt the webpage.

    Edit:
    I just used proxcert-MakeCert.bat Same thing.
     
    Last edited: Nov 29, 2006
  15. herbalist

    herbalist Guest

    Does the message you get look something like this?
    http://i138.photobucket.com/albums/q277/herbalist-rick/mismatch.gif
    When running thru Proxomitron, your browser doesn't get the sites certificate. It gets Proxomitrons, which will not match the one from the site. Proxomitron also checks the sites certificate. If the sites certificate is invalid, Proxomitron will alert you directly, not thru your browser.
    I just test installed Grypens SSL pack,then went to an encrypted page. Although I did get the above alert, the page is still encrypted. Works fine on both IE6 and Sea Monkey.
     
  16. herbalist

    herbalist Guest

    You can test your browser SSL encryption here.
     
  17. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    Yes, that is the exact dialog box I receive. In the address window, the lock icon remains unlocked indicating a non-encrypted webpage.
     
  18. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    Yes, it shows AES cipher, 256-bit key with Proxomitron.
    However, going there without Proxomitron directly through Opera, the browser indicates that the encryption at the site is weak and only gives the connection a 1 out of 3 in terms of encryption strength.
     
  19. herbalist

    herbalist Guest

    When you bypass Proxo, what strength key does that site show for encryption being used? Both of my browsers show a lock on that site and most other https sites. What did FireFox show? I have no idea about how Opera rates site encryption or what figures into their rating. Someone more familiar with Opera will have to address that one.
    Rick
     
  20. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    With Proxo, Firefox 2.0 shows AES cipher, 256-bit key However the lock is unlocked and double-clicking on the lock states: Connection Partially Encrypted. "Parts of the page you are viewing were not encrypted before being transmitted over the Internet."

    Without Proxo, Firefox 2.0 shows AES cipher, 256-bit key. The lock icon is locked indicating High-Grade Encryption.

    Using Proxo with Firefox on other https websites always shows the lock icon unlocked.
     
  21. herbalist

    herbalist Guest

    Open Proxo, then click "config", then the "HTTP" tab. Is the box "Use SSLeay/Open SSL..." checked? Did you shut Proxomitron down before you installed Grypens SSL pack? Are you using any type of proxy switching software or extension or using a proxy service?
    How do you have your browsers and systems proxy settings configured? The interface for Firefox should be very much like this one.
    http://i138.photobucket.com/albums/q277/herbalist-rick/Mozillaproxy.gif
    These are the default settings for use with Proxomitron. The setup for windows/internet explorer are much the same.
    From Win98:
    http://i138.photobucket.com/albums/q277/herbalist-rick/sysproxy.gif
    Rick
     
  22. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    All configurations ok.
     
  23. herbalist

    herbalist Guest

    Do you have separate firewall rules for http and https traffic for your browser or Proxomitron? The rules will have to allow Proxomitron to connect out with ports 80 and 443.
    I'm running out of ideas as I can't duplicate your results no matter what I try. Best I can tell, all the content on that test site is encrypted.
    Rick
     
  24. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    No special firewall rules. Thanks anyway. :)
     
  25. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Why are you guys using SSL for Proxo? Scott was leary of it and warned not to use it and I have never used it and will never. So, I don't have to worry about Proxo certs. :D I would be afraid to not bypass Proxo when banking. I trust Fx to handle the SSL certs properly. I do not trust Proxo. I use Sidki's filters and they are great...but not for SSL....just my opinion.
     
Loading...
Thread Status:
Not open for further replies.