How to debug ERR_PROXY_CERTIFICATE_INVALID?
I ended up filing a bug report for this issue and their suggestion was to:
- Disable the proxy configuration in Chrome
- Hit the proxy server as if it was a webpage
- The conventional error dialog will display allowing you to debug the certificate error.
For example, if your proxy is listening to proxy.com on port 1234 then you should hit https://proxy.com:1234/ in Chrome without the use of a proxy.
Secondly, I ended up figuring out the problem with my particular certificate. My proxy server does not have a public hostname, just a public IP address.
I was generating the certificate like this:
openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout server.key -out server.crt -subj /CN=<ip> -addext subjectAltName=DNS:<hostname>,IP:<ip>
Where <hostname> was some incorrect guess of what the hostname should be.
It turns out that if Chrome references a proxy server by IP address (not hostname) then you must omit the DNS entry from the SSL certificate. The following command-line worked for me:
openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout server.key -out server.crt -subj /CN=<ip> -addext subjectAltName=IP:<ip>
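An added example (not part of the original answer): an offline OpenSSL check of whether a certificate's subjectAltName covers the exact address or name the browser will use to reach the proxy. The function names, the addresses 192.0.2.10 and 192.0.2.11, and proxy.example are constructed for illustration, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example. 192.0.2.10 / 192.0.2.11 (RFC 5737) and proxy.example are
# constructed values; the function names are hypothetical. Needs OpenSSL 1.1.1+.

# make_cert <ip> <dir>: self-signed cert whose only SAN entry is the IP,
# same shape as the working command above (2048-bit only to keep the demo fast).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
        -keyout "$2/server.key" -out "$2/server.crt" \
        -subj "/CN=$1" -addext "subjectAltName=IP:$1" 2>/dev/null
}

# ref_type <proxy-ref>: is the proxy referenced by IP literal or by name?
ref_type() {
    case "$1" in
        *:*)       echo ip ;;    # IPv6 literal
        *[!0-9.]*) echo host ;;  # any other character means a DNS name
        *)         echo ip ;;    # dotted IPv4
    esac
}

# cert_covers <cert> <proxy-ref>: succeeds only if the certificate matches the
# reference, using the check that corresponds to the reference type.
cert_covers() {
    if [ "$(ref_type "$2")" = ip ]; then flag=-checkip; else flag=-checkhost; fi
    openssl x509 -in "$1" -noout "$flag" "$2" | grep -q 'does match'
}

# san_of <cert>: print the subjectAltName extension for inspection.
san_of() {
    openssl x509 -in "$1" -noout -ext subjectAltName
}

# Demo: one constructed certificate checked against three proxy references.
demo_dir=$(mktemp -d)
make_cert 192.0.2.10 "$demo_dir"
san_of "$demo_dir/server.crt"
for ref in 192.0.2.10 192.0.2.11 proxy.example; do
    if cert_covers "$demo_dir/server.crt" "$ref"; then
        echo "$ref: certificate matches"
    else
        echo "$ref: certificate does NOT match"
    fi
done
rm -rf "$demo_dir"
```

To check a real certificate, call `cert_covers server.crt <address>` with the exact host or IP entered in the browser's proxy settings.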
Gili over 1 year
I am trying to encrypt communication between Chrome and a Squid forward proxy. I provided a self-signed certificate and clearly something is wrong with it because Chrome fails with ERR_PROXY_CERTIFICATE_INVALID.
Yes, I have installed the self-signed certificate into the Trusted Root Certification Authorities. Is there a way to get a hint from Chrome regarding what it did not like about the certificate?