starred/Proxyman

Fork 0

mirror of https://github.com/ProxymanApp/Proxyman.git synced 2026-04-26 08:35:53 +03:00

[GH-ISSUE #851] Chrome error: NET::ERR_CERT_COMMON_NAME_INVALID #846

New issue

Closed

opened 2026-03-03 19:22:22 +03:00 by kerem · 10 comments

kerem commented

2026-03-03 19:22:22 +03:00

Owner

Originally created by @chaoyangnz on GitHub (Apr 8, 2021).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/851

Originally assigned to: @NghiaTranUIT on GitHub.

Proxyman version? (Ex. Proxyman 1.4.3)

latest

macOS Version? (Ex. mac 10.14)

10.15

Steps to reproduce

I forward requests in Chrome to Proxyman. then I got the error

Expected behavior

Screenshots (optional)

Originally created by @chaoyangnz on GitHub (Apr 8, 2021). Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/851 Originally assigned to: @NghiaTranUIT on GitHub. ### Proxyman version? (Ex. Proxyman 1.4.3) latest ### macOS Version? (Ex. mac 10.14) 10.15 ### Steps to reproduce I forward requests in Chrome to Proxyman. then I got the error ### Expected behavior ### Screenshots (optional) ![image](https://user-images.githubusercontent.com/4645331/113952220-62b5c600-9869-11eb-8b43-cc76063ab1cc.png)

kerem

2026-03-03 19:22:22 +03:00

closed this issue
added the
bug
label

kerem commented

2026-03-03 19:22:23 +03:00

Author

Owner

@NghiaTranUIT commented on GitHub (Apr 8, 2021):

Hi @chaoyangnz, thanks for opening the ticket. I have few questions:

Can you share with me which domain you are trying to intercept? I'd like to reproduce it 👍
Can you enable SSL on https://google.com from Google Chrome to see if it works?

It looks like your domains has special character, so Proxyman couldn't generate a certificate with correct CommonName

@NghiaTranUIT commented on GitHub (Apr 8, 2021): Hi @chaoyangnz, thanks for opening the ticket. I have few questions: 1. Can you share with me which domain you are trying to intercept? I'd like to reproduce it 👍 2. Can you enable SSL on https://google.com from Google Chrome to see if it works? It looks like your domains has special character, so Proxyman couldn't generate a certificate with correct CommonName

kerem commented

2026-03-03 19:22:23 +03:00

Author

Owner

@chaoyangnz commented on GitHub (Apr 8, 2021):

@NghiaTranUIT I suppose there is no domain, just IP address. why there is no domain, because I am using Proxifier to route the requests to Proxyman, not sure why Proxifier is not leaving the name resolve to downstream proxy, maybe my wrong configuration. But whatever, you can try to point a raw IP address access using Proxyman. that should be able to reproduce.

@chaoyangnz commented on GitHub (Apr 8, 2021): @NghiaTranUIT I suppose there is no domain, just IP address. why there is no domain, because I am using Proxifier to route the requests to Proxyman, not sure why Proxifier is not leaving the name resolve to downstream proxy, maybe my wrong configuration. But whatever, you can try to point a raw IP address access using Proxyman. that should be able to reproduce.

kerem commented

2026-03-03 19:22:23 +03:00

Author

Owner

@NghiaTranUIT commented on GitHub (Apr 8, 2021):

If I access https://, for example, https://142.250.66.46 (142.250.66.46 is google.com server), I still get the Error from Google Chrome without using Proxyman app.

It causes because the Certificate's Common Name from Google.com doesn't contain the IP, so Google Chrome would reject it.

Therefore, I will happen with Proxyman app too

@NghiaTranUIT commented on GitHub (Apr 8, 2021): If I access https://<ip>, for example, `https://142.250.66.46` (142.250.66.46 is google.com server), I still get the Error from Google Chrome without using Proxyman app. <img width="1256" alt="Screen Shot 2021-04-08 at 10 02 31" src="https://user-images.githubusercontent.com/5878421/113962434-e06dd780-9851-11eb-9546-fde7fdad18c3.png"> It causes because the Certificate's Common Name from Google.com doesn't contain the IP, so Google Chrome would reject it. <img width="567" alt="Screen_Shot_2021-04-08_at_10_03_01" src="https://user-images.githubusercontent.com/5878421/113962490-03988700-9852-11eb-97a5-80f66869e200.png"> Therefore, I will happen with Proxyman app too

kerem commented

2026-03-03 19:22:23 +03:00

Author

Owner

@NghiaTranUIT commented on GitHub (Apr 8, 2021):

The logic behind of generating the Certificate from Proxyman is that:

Fetch the original certificate from a destination server (e.g. google.com)
Extract all Certificate properties (Common Name, Issuer, ...)
Construct a Mitm Certificate

So, if the original Common Name in the certificate doesn't contain the IP, the Proxyman Certificate will not have the IP too. Therefore, Google Chrome will reject it (as I discuss in the previous comment)

Just wondering:

Do it works with other Proxy tools, like Fiddler or Charles 🤔

@NghiaTranUIT commented on GitHub (Apr 8, 2021): The logic behind of generating the Certificate from Proxyman is that: 1. Fetch the original certificate from a destination server (e.g. google.com) 2. Extract all Certificate properties (Common Name, Issuer, ...) 3. Construct a Mitm Certificate So, if the original Common Name in the certificate doesn't contain the IP, the Proxyman Certificate will not have the IP too. Therefore, Google Chrome will reject it (as I discuss in the previous comment) ---------------- Just wondering: Do it works with other Proxy tools, like Fiddler or Charles 🤔

kerem commented

2026-03-03 19:22:24 +03:00

Author

Owner

@NghiaTranUIT commented on GitHub (Apr 8, 2021):

@chaoyangnz Maybe you have to fix the Proxifier to make it uses the domain instead of the raw IP address.

Access to https://<ip> will result in the Certificate Error even though Proxyman is not opening. Ref: https://stackoverflow.com/questions/33419568/accessing-https-sites-with-ip-address

@NghiaTranUIT commented on GitHub (Apr 8, 2021): @chaoyangnz Maybe you have to fix the Proxifier to make it uses the domain instead of the raw IP address. Access to `https://<ip>` will result in the Certificate Error even though Proxyman is not opening. Ref: https://stackoverflow.com/questions/33419568/accessing-https-sites-with-ip-address

kerem commented

2026-03-03 19:22:24 +03:00

Author

Owner

@chaoyangnz commented on GitHub (Apr 8, 2021):

@NghiaTranUIT yep, that is caused by my wrong config in Proxifier, it should resolve dns through downstream proxy.

another thing i noticed, even though I disabled override macOS proxy, I found requests in my java program still go through Proxyman. I don't know what is the magic, I even didn't config proxy for my java server and double checked MacOS global proxy is not on.

@chaoyangnz commented on GitHub (Apr 8, 2021): @NghiaTranUIT yep, that is caused by my wrong config in Proxifier, it should resolve dns through downstream proxy. another thing i noticed, even though I disabled `override macOS proxy`, I found requests in my `java` program still go through Proxyman. I don't know what is the magic, I even didn't config proxy for my java server and double checked MacOS global proxy is not on.

kerem commented

2026-03-03 19:22:24 +03:00

Author

Owner

@NghiaTranUIT commented on GitHub (Apr 8, 2021):

another thing i noticed, even though I disabled override macOS proxy, I found requests in my java program still go through Proxyman. I don't know what is the magic, I even didn't config proxy for my java server and double checked MacOS global proxy is not on.

Look like the connection from your Java App is still alive, and still connect through Proxyman Proxy Server. Restart your app might fix the problem 👍

@NghiaTranUIT commented on GitHub (Apr 8, 2021): > another thing i noticed, even though I disabled override macOS proxy, I found requests in my java program still go through Proxyman. I don't know what is the magic, I even didn't config proxy for my java server and double checked MacOS global proxy is not on. Look like the connection from your Java App is still alive, and still connect through Proxyman Proxy Server. Restart your app might fix the problem 👍

kerem commented

2026-03-03 19:22:24 +03:00

Author

Owner

@chaoyangnz commented on GitHub (Apr 8, 2021):

@NghiaTranUIT I did restart my java server and Proxyman as well.

all the request method is CONNECT, that is true.

but how can i make connection stop alive and captured by Proxyman? last resort is restarting my laptop :)

@chaoyangnz commented on GitHub (Apr 8, 2021): @NghiaTranUIT I did restart my java server and Proxyman as well. all the request method is `CONNECT`, that is true. but how can i make connection stop alive and captured by Proxyman? last resort is restarting my laptop :)

kerem commented

2026-03-03 19:22:24 +03:00

Author

Owner

@NghiaTranUIT commented on GitHub (Apr 8, 2021):

If you try to restart the Proxyman (By quitting the app or clicking on the Start/Stop button), but your connection is still alive. I'm not sure how to fix it 🤔

Maybe it's a bug from Java?

Because as soon as click on the Start/Stop, it will start/stop the local proxy server.

@NghiaTranUIT commented on GitHub (Apr 8, 2021): If you try to restart the Proxyman (By quitting the app or clicking on the Start/Stop button), but your connection is still alive. I'm not sure how to fix it 🤔 Maybe it's a bug from Java? Because as soon as click on the Start/Stop, it will start/stop the local proxy server.

kerem commented

2026-03-03 19:22:24 +03:00

Author

Owner

@chaoyangnz commented on GitHub (Apr 9, 2021):

thanks @NghiaTranUIT close this issue. the original issue is caused by buggy Proxifier.

@chaoyangnz commented on GitHub (Apr 9, 2021): thanks @NghiaTranUIT close this issue. the original issue is caused by buggy Proxifier.