tech.safesquid.com

SafeSquid SWG Community Support
http://tech.safesquid.com/forum/

FACING PROBLEM TO OPEN A SITE IN SAFESQUID SWG SERVER VIA FIREFOX BROWSER # UNABLE TO GET ISSUER CERTIFICATE LOCALLY

http://tech.safesquid.com/forum/viewtopic.php?f=34&t=1980

Page 1 of 1

FACING PROBLEM TO OPEN A SITE IN SAFESQUID SWG SERVER VIA FIREFOX BROWSER # UNABLE TO GET ISSUER CERTIFICATE LOCALLY

Posted: Tue Oct 05, 2021 12:15 pm
by shubhamsarve0777
## FIRST ##:-
# When I try to access this site i,e < https://eportal.incometax.gov.in/ > in Firefox via proxy its giving me this Safesquid template
(That mentioned in below Screenshot )




ss2.png
ss2.png (23.39 KiB) Viewed 7164 times



##SECOND## :-

#when I try to access same site without proxy i.e chrome browser its working



ss4.png
ss4.png (103.52 KiB) Viewed 7164 times

#So please give me the solution on this , That how do I access this site via proxy

Re: FACING PROBLEM TO OPEN A SITE IN SAFESQUID SWG SERVER VIA FIREFOX BROWSER # UNABLE TO GET ISSUER CERTIFICATE LOCA

Posted: Thu Oct 07, 2021 9:36 am
by poojachoudhary52
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate

Any browser application, when tries to connect to a website via proxy, the proxy imitates itself as the website, like a clone. For a proxy to depict itself as the exact same website, it has to connect to the actual website. During this process, the website and proxy do an SSL handshake where the exchange and validation of the SSL certificates are done. Therefore, the proxy has a bundle of trusted certificates that are known to it.

Hence, when SafeSquid (proxy) receives an SSL certificate from the website, there might be times when the certificate chain is broken or misconfigured in the middle. Now, the error "ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY" means either the certificate chain received from the website is not trusted by SafeSquid, or it cannot find the root issuer.

To resolve this issue, follow the steps below.

We need to add a certificate that is stored in the SafeSquid trusted bundle.

In the putty session, log in with "root" and go to the path:
$ cd /var/db/safesquid/ssl/badcerts/incometax.gov.in

To open and view this certificate, follow the command:
$ cat eportal.incometax.gov.in

Copy the certificate from the line "----BEGIN CERTIFICATE----" till the bottom line "----END CERTIFICATE----" and paste this into a notepad.

Again in the putty session, go to the path:
$ cd /usr/local/safesquid/ssl/trusted

To create a file in this folder, follow the command:
$ nano eportal.incometax.gov.in.crt

Copy the certificate from notepad and paste it into this file

Press ctrl+o to save and ctrl+x to exit the file.

Now, restart SafeSquid with the command:
$ /etc/init.d/safesquid restart

And finally, hard restart the browser. The website should work fine now.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/