Skip to content

GoAgent Import CAEn

Michael-X-Net edited this page Feb 3, 2023 · 1 revision

How to import the certificate

illustrate:

For https websites, GoAgent obtains the content through the GAE service, and then re-encrypts it and returns it to the browser. So the certificate for https has to be regenerated.

The browser needs to import GoAgent's certificate, otherwise it will encounter Certificate Error.

Path to GoAgent certificate: After the first startup, the data\gae_proxy\CA.crt certificate will be generated. Under normal circumstances, XX-Net will import the certificate into the browser, if the browser has been started, please try to restart the browser.

In some cases, the import fails (for example, the Firefox browser under the windows system, for example, nss3-tools is not installed on linux), and the certificate needs to be imported manually.

The certificate of PHP_proxy is independent. Under data\php_proxy, if you use PHP and prompt a certificate question, please also import the certificate of PHP_proxy.

Windows manually import the certificate

  1. If there is a problem with the automatic import, open the XX-Net folder, find the "CA.crt" certificate in the data\gae_proxy directory, and double-click to open it
  2. Install the certificate
    Display certificate information after opening
  3. Next step
    Click Next
  4. Select "Place all certificates in the following store" - Browse
    Select "Put all certificates into the following storage" - Browse
  5. Select "Trusted Root Certification Authorities"
    Select "Trusted Root Certification Authorities"
  6. Click OK to finish. You may need to restart your browser or operating system.
    Completed

ubuntu manually import the certificate

  1. If there is a problem with the automatic import, you can use manual import for the Chrome browser.
  2. Click on the "settings" option of the browser
  3. Select "Manage Certification" under the "HTTP/SSL" option
  4. Select "Authorities", click "Import", go to the XX-Net decompression folder, find the "CA.crt" certificate in the GoAgent\Data\GoAgent directory, and import it.

Linux import root certificate

sudo trust anchor --store /opt/XX-Net/data/gae_proxy/CA.crt

Linux manually handles user-level certificates

create folder

 mkdir -p ~/.pki/nssdb

Manually import the certificate into the database

 certutil -d sql:. -A -t "C,," -n "GoAgent XX-Net - GoAgent" -i "/pathto/CA.crt"

If it fails, you can try to change the password of the certificate database, which can be changed to empty

 modutil -changepw "NSS Certificate DB" -dbdir ~/.pki/nssdb

View certificate:

 certutil -L -d sql:~/.pki/nssdb

To delete a certificate:

 certutil -d sql:~/.pki/nssdb -D -n "GoAgent XX-Net - GoAgent"

Android manually imports the certificate

  1. Open Settings - System Security - Install Credentials (Certificates) from SD Card.
  2. Enter XX-Net/data/gae_proxy in sequence, select CA.crt under this directory, enter any name, and press OK.
  3. If the certificate imported by the above method is invalid, you can download Root Certificate Manager and use this software to import the certificate into the system

IPAD/IPHONE manually import the certificate

Note: The Ios mobile terminal can only install the certificate by opening the CA.crt attached to the email through the built-in email program. It has been verified that the attached CA.crt cannot be opened when the browser logs in to the mailbox.

  1. Log in to the mailbox on other devices (PC), and send CA.crt as an attachment to other mailboxes. CA.crt address: XX-Net/data/gae_proxy/CA.crt.
  2. In the IPAD/IPHONE "mail" program, set the account as the email account in the first step, and wait for the automatic synchronization of emails to the local.
  3. Find the email sent in the first step, click the attachment, and the installation will be prompted automatically. You need to enter the IPAD/IPHONE password, and the installation will be successful after confirmation.

The way to manually import in the browser

Firefox (Firefox) browser: For detailed graphic and text guidance, see Use Firefox browser#Manually import certificates.

Chrome (Google) browser: For detailed graphic and text guidance, see Use Chrome browser#Manually import certificates.

General steps:

  1. Click the menu button of the browser (usually in the upper right corner), and find the "Preferences" or "Settings" of the browser
  2. Find the settings related to "Certificate" or "Security" (may be hidden in the "Advanced" tab), click "View Certificate", select "Certificate Authority" in the certificate manager, and click "Import".
  3. In the XX-Net folder, find the "CA.crt" certificate in the data\gae_proxy directory and import it.
  4. In the pop-up window, select "Trust websites identified by this CA" and confirm.
  5. Try to access https://www.google.com/ or https://www.facebook.com/ to check whether the certificate is imported successfully.

subglobal

In Unix and GNU/Linux, most HTTP applications support calling environment variables http_proxy and https_proxy for proxying. In addition, there is no uniform standard for the case of the environment variable, and some programs only support environment variables in all uppercase. So for convenience, just add the following in ~/.bash_profile or ~/.zshenv: export http_proxy=http://127.0.0.1:8087/ export https_proxy=$http_proxy export HTTP_PROXY=$http_proxy export HTTPS_PROXY=$HTTP_PROXY

Then execute the following command to import the certificate, taking archlinux as an example:

  ln -s /opt/XX-Net/data/gae_proxy/CA.crt /etc/ca-certificates/trust-source/anchors/GoAgent.crt
  trust extract-compat
Clone this wiki locally