SSLProxy changing default certs doesn't work: "error loading CA cert from '/etc/sslproxy/ca.crt': Invalid argument Error"
Opened this issue · 1 comments
swiftbird07 commented
Hello,
as the default ca.crt doesn't seem to work when installing as trusted root in Ubuntu, I tried changing the certs in SSLProxy to the ones I know that worked with SSLsplit (and therefore I guess with SSLProxy too).
But changing the config to include them or just replacing them (tried both) results in the following error:
/usr/local/bin/sslproxy: error loading CA cert from '/etc/sslproxy/ca.crt':
Invalid argument
Error in conf: 'CACert' on line 12
Error in conf file '/var/log/utmfw/tmp/sslproxy.conf.Om4SYF'
Config:
[...]
# Use CA cert (and key) to sign forged certs.
# Equivalent to -c command line option.
CACert /etc/sslproxy/ca.crt
# Use CA key (and cert) to sign forged certs.
# Equivalent to -k command line option.
CAKey /etc/sslproxy/ca.key
[...]
Is there maybe something wrong with my certificates?
sonertari commented
You can enable the DEBUG_CERTIFICATE feature switch in Mk/main.mk to debug certificate issues (DEBUG_OPTS may help too, but I guess you have already turned it on).
I'd also recommend to regenerate the certificates on the UTMFW WUI, System>Config>Init. The ones generated by UTMFW itself are supposed to work fine.