Jump to content

Search the Community

Showing results for tags 'certificate'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • The General Stuff
    • Announcements
    • Introduce Yourself!
    • General Discussion
  • Microsoft Software Products
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Server
    • Older Windows NT-Family OSes
    • Windows 9x/ME
    • Other Microsoft Products
  • Unattended Windows Discussion & Support
    • Unattended Windows
    • Other Unattended Projects
  • Member Contributed Projects
    • Nuhi Utilities
    • Member Projects
    • Other Member Contributed Projects
    • Windows Updates Downloader
  • Software, Hardware, Media and Games
    • Forum Categories
    • Mobile Devices
  • Customizing Windows and Graphics
    • Customizing Windows
    • Customizing Graphics
  • Coding, Scripting and Servers
    • Web Development (HTML, Java, PHP, ASP, XML, etc.)
    • Programming (C++, Delphi, VB/VBS, CMD/batch, etc.)
    • Server - Side Help (IIS, Apache, etc.)


There are no results to display.

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL





Found 1 result

  1. ProxHTTPSProxy and HTTPSProxy in Windows XP for future use Introduction: The idea of this thread is to provide information and recent findings I've made relating to the TSL proxies ProxHTTPSProxy and HTTPSProxy. Due to the fact that I don't use other older NT based Operation Systems (OSs) except Windows XP Professional all my observations and explanations are referring to both proxies in Windows XP only. So please do not comment off-topic in this thread! I am AstroSkipper, a member of MSFN since 2010, and was involved in restoring of access to Microsoft Update (MU) website in Windows XP (and some other OSs). This is the thread: While restoring MU in my own Windows XP Professional system, I had to solve a lot of problems and had among other things some significant findings relating to ProxHTTPSProxy and HTTPSProxy too. The above mentioned thread is now over 140 pages long and unfortunately very bloated. In most cases visitors or members of MSFN don't want to read that much of pages for getting information they have looked for. A lot of comments are part of conversations which no longer can be retraced or understood easily by people who weren't participated. Therefore I wanted to make my own findings accessible to all interested people in a clear, short way. That's why I decided to make my own thread to provide some facts, tips and especially news referring to these proxies. It is an unfortunate circumstance that the creators of ProxHTTPSProxy and HTTPSProxy, @heinoganda and @Thomas S., haven't been here for a long time and no further development of these proxies has been made the last years. Of course, we thank both creators explicitly for these outstanding proxies, we are very glad to have them, but they have to be used as they are. This is the reason why we have to ask ourselves whether they'll continue doing their job in the future or not. But maybe some of you don't really know what actually their job is. Purpose of ProxHTTPSProxy and HTTPSProxy: Originally ProxHTTPSProxy was created for Proxomitron as a SSL Helper Program. Proximotron is a local HTTP web-filtering proxy. Here are two links about Proxomitron: http://www.buerschgens.de/Prox/index.html (German website, use Google Translator if necessary) and https://msfn.org/board/topic/183295-web-browser-proxomitron-reborn-ptrongui-a-how-to-guide/. This is a quotation from a post of the developer called "whenever" who had made ProxHTTPSProxy originally: Source link: https://prxbx.com/forums/showthread.php?tid=1618. Here an image to show how ProxHTTPSProxy works: ProxHTTPSProxy and HTTPSProxy were created by our members mentioned above to provide modern nag-free HTTPS connections for an HTTP proxy. The main purpose in Windows XP is in adding modern ciphers to HTTPS connections of Internet Explorer (IE) to improve either its missing TLS 1.2 functionality or its rudimentary TLS 1.2 functionality last added by Microsoft after installing some relevant POSReady updates (KB4230450, KB4316682 and KB4019276). Here is a link with further information how TLS 1.1 and TLS 1.2 can be enabled in Windows XP: https://msfn.org/board/topic/178092-enable-tls-11-and-12-in-windows-xp-correctly/?do=findComment&comment=1158544. The original ciphers of IE are outdated and therefore a lot of websites can't be accessed or they don't work properly due to SSL issues. More information about these proxies you can find in the original thread: https://msfn.org/board/topic/176344-problems-accessing-certain-sites-https-aka-tls/. Area of application: As already said, the main purpose of these proxies is in adding modern ciphers to HTTPS connections of IE to improve either its missing TLS 1.2 functionality or its rudimentary TLS 1.2 functionality last added by Microsoft after installing some relevant POSReady updates. Therefore ProxHTTPSProxy or HTTPSProxy is used in combination with IE to access websites which couldn't be called up by IE without it. Some programs use Internet Explorer's browser engine called Trident to get data from Internet, to search something or to check for updates. For example my favourite movie database program All My Movies™ checks for updates using IE engine. Without one of these proxies it will fail. Some e-mail clients like eM Client or Eudora are using IE engine too. Some browsers like 360 Extreme Explorer are able to use IE engine for surfing. Another new purpose is to access Microsoft Update to look for updates. As I mentioned above I was involved in restoring of access to Microsoft Update (MU) website in Windows XP (and some other OSs) and we were successful by now. If you're interested in restoring MU functionality, I've written a little guide with the title "Complete guide for restoring IE's access to WU/MU website using ProxHTTPSProxy or HTTPSProxy in Windows XP" which can be found here: This thread is about different proxies to establish secure connections to servers or, more generally, to the internet. You often read about TLS and cipher suites here. Therefore, I disseminate here some information about these "termini technici" for those who do not know exactly what is meant by them. The TLS protocols and their cipher suites If you research the term TLS on the internet, you will get a lot of information, sometimes very simply presented, sometimes very technical, more for IT experts. With this small article, which can be seen more as a summary, I try to provide a little more transparency in this stuff. Transport Layer Security, abbreviated TLS, is a protocol for the authentication and encryption of Internet connections. For this purpose, TLS is inserted as its own layer between TCP and the protocols of the application layer. Here is a linked graphic to make it more clear: The individual tasks include authentication, certification, key exchange, integrity assurance and encryption. The main tasks are to guarantee the authenticity of the contacted remote stations, in most cases a server, by means of a certificate and to encrypt the connection between the remote stations. Here is a second linked graphic to demonstrate the actions and reactions in the communication between a client and a server: The used protocol defines the basic communication for the connection and is as crucial for a secure connection as the encryption protocol itself. Due to a series of vulnerabilities, the SSL2 and SSL3 protocols must be considered a security vulnerability and should be avoided at all costs. The successor to SSL3, TLS 1.0 should also be avoided, as the protocol offers a method to downgrade an established TLS 1.0 connection to SSL3. Thus, the connection is again vulnerable to the vulnerabilities that affect SSL3. Unfortunately, its successor TLS 1.1 is also no longer up to date and should be rather avoided nowadays. For a long time, the TLS 1.2 protocol was considered secure and therefore recommended. It offers a number of improvements that should ensure the security of connections again. In general, each new SSL or TLS version has brought additional features and options, making configuration a little more confusing, implementation more error-prone and handling more tedious. Overall, the use of TLS has become more insecure. With TLS 1.3, this should change, at best. Or, this was and is the actual goal, at least. For this reason, every single function of TLS has been tested for its security benefits and risks. In the process of development and in regard to the present knowledge, some parts were removed that no longer offer security and some of which are now also considered insecure. At the same time, security was improved with new procedures. Furthermore, measures for performance optimisation and preventive hardening measures for future attacks were taken into account. TLS 1.3 breaks backwards compatibility for the first time, which unfortunately causes some problems in practice. Connections with TLS 1.3 can be interrupted either because the connection is not accepted en route or due to a defective web server. Anyway, the protocols TLS 1.2 and, above all, TLS 1.3 are recommended as secure protocols nowadays. Here is a list of typical protocols and their cipher suites used by the TLS 1.3 proxy of my current program package ProxHTTPSProxy's PopMenu TLS 1.3 3V3 as an example. It's a screenshot taken from the website https://browserleaks.com/ssl: In the screenshot above, you can see many so called cipher suites belonging to specific TLS protocols. A cipher suite is a standardised collection of cryptographic procedures (algorithms) for encryption. In the Transport Layer Security (TLS) protocol, the cipher suite specifies which algorithms are to be used to establish a secure data connection. A cipher suite is generally displayed as a long string of seemingly random information but each segment of that string contains essential information. Generally, this data string is made up of several key components: The used protocol, in most cases TLS. The key exchange algorithm dictates the manner by which symmetric keys will be exchanged such as RSA, DH, DHE, ECDH, ECDHE. The authentication algorithm dictates how server authentication and (if needed) client authentication will be carried out such as RSA, DSA, ECDSA. The bulk encryption algorithm dictates which symmetric key algorithm will be used to encrypt the actual data such as AES, 3DES, CAMELLIA. The Message Authentication Code (MAC) algorithm dictates the method the connection will use to carry out data integrity checks such as SHA, SHA256, MD5. In some cases, there is an Elliptic Curve Cryptography (ECC) which is an encryption technique that provides public-key encryption similar to RSA. While the security strength of RSA is based on very large prime numbers, ECC uses the mathematical theory of elliptic curves and achieves the same security level with much smaller keys. Here are three linked graphics to illustrate these strings with examples: And now, back to our proxies. The TLS 1.2 proxies ProxHTTPSProxy and HTTPSProxy Prerequisites: A CPU with SSE2 instruction set is necessary to let the more recent proxies run. Detailed information: Testing system: Windows XP Professional SP3 POSReady with an AMD Athlon XP 3200+ (Thoroughbred), an old CPU providing SSE, but lacking of SSE2 instruction set. After testing of all proxies mentioned in this article, I can confirm that all @heinoganda's releases ProxHTTPSProxy REV3b, ProxHTTPSProxy REV3d, ProxHTTPSProxy REV3e and @Thomas S.'s release HTTPSPoxy in version HTTPSProxy_Launcher_v2_2018-11-06 require a CPU with SSE2 instruction set. All these proxies crashed when starting 'ProxHTTPSProxy.exe' or 'HTTPSProxy.exe'. But @whenever's release ProxHTTPSProxyMII 1.3a could be started without crashing, and after testing I can confirm this proxy is fully compatible with a CPU possessing SSE instruction set only. Therefore, this proxy can be used in such old systems, but only if absolutely necessary. For safety reasons. More detailed information below in the section Versions. Installation: The program packages provide documents and instructions, actually sufficient. Both proxies do not need any installation. There is no setup installer. They are fully portable with a few exceptions. The user has to edit the config file according to his needs, he should update a special certificate called 'cacert.pem' and he has to install the proxy's root certificate properly in any case. But to avoid unnecessary repetitions, I'll come back to that later in the section Configuration. The location of their program folder can be chosen freely. For this purpose I've created a folder "Portable" in my system partition. I have created this folder to remind me that programs inside folder Portable do not have to be uninstalled. Configuration: The configurations of these proxies are a bit different. Configuration of ProxHTTPSProxy: - Install ProxHTTPSProxy's root certificate 'CA.crt' under Trusted Root Certification Authority manually or apply 'ProxHTTPS Cert Install.exe'. Alternatively you can use the more recent ProxHTTPSProxy Cert Installer which has been modified and updated by me. You can find it in the section Downloads. - Edit the config file 'config.ini' according to your needs. More detailed explanations at the end of this section. - Update the certificate 'cacert.pem' by downloading and inserting it manually (see cacert Update.txt) or automatically by applying 'cacert_Updater.exe'. Due to the circumstance that @heinoganda's original cacert Updater doesn't work anymore, I have fixed it. This "cacert Updater Fixed" can be downloaded in the section Downloads. Configuration of HTTPSProxy: - Generate a new HTTPSProxy's root certificate 'HTTPSProxyCA.crt' by opening 'HTTPSProxy.exe' and closing its window when the process is over. - Install HTTPSProxy's root certificate 'HTTPSProxyCA.crt' under Trusted Root Certification Authority manually. Alternatively you can use the brand new HTTPSProxy Cert Installer which has been created by me. You can find it in the section Downloads. - Edit the config files 'config.ini' and 'Launcher.ini' according to your needs. More detailed explanations at the end of this section. - Update the certificate 'cacert.pem' by downloading from url https://curl.se/ca/cacert.pem and inserting it manually (see Installation-Update_EN.txt) or automatically by clicking cacert.pem update in Launcher's menu. - Execute the reg file 'Inet_CurUser_ProxySettings.reg'. Both proxies have got a config file called 'config.ini'. The following parameters of the proxy can be specified there:: ProxAddr, FrontPort, BackPort, LogPort and LogLevel. Look into this file and you'll get short descriptions of these parameters. Furthermore there are special sections titled [SSL No-Verify], [BLACKLIST], [SSL Pass-Thru] and [BYPASS URL]. In these sections url addresses can be inserted letting the proxy know how to perform them. HTTPSProxy has a second config file called 'Launcher.ini'. Here you can set up the Launcher of HTTPSProxy. A short description can be read at the beginning of each file section. Here you can see HTTPSProxy's config file similar to the one of ProxHTTPSProxy: More detailed information about the parameters and sections can be found in their doc files. Both proxies can be set as system-wide proxies using the executable proxycfg.exe. Here are proxycfg's command line parameters: The command proxycfg displays the current WinHTTP proxy settings. The command proxycfg -d specifies that all HTTP and HTTPS servers should be accessed directly. Use this command if there is no proxy server. The command proxycfg -p proxy-server-list optional-bypass-list specifies one or more proxy servers, and an optional list of hosts that should be accessed directly. If a proxy server is not specified for a given protocol and that server is not in the bypass list, the -p option specifies that the server cannot be accessed at all. The command proxycfg -d -p proxy-server-list optional-bypass-list specifies one or more proxy servers, and an optional list of hosts that should be accessed directly. If a proxy server is not specified for the given protocol, the -d option specifies that the server should be accessed directly instead. The command proxycfg -u imports the Internet Explorer proxy settings of the current user. WinHTTP does not support auto-discovery and configuration script-based proxy settings. So far so good, but unfortunately that's not the whole truth. Configuration of these proxies to access the MU website successfully nowadays: The MU website can be accessed only by IE, but nowadays it needs the more recent cryptographic protocol TLS 1.2. That's the reason why MU wasn't available in the past. Therefore we have to use one of these proxies to gain access. If all steps of my "Complete guide for restoring Microsoft Update in IE" have been performed properly, you would like to call up MU website. But in some cases problems could occur. One of them is to get a MU website with output of error code 0x80072f8f (hexadecimal notation). I had examined this error deeply and could solve it. But what does that have to do with our proxies? Of course a lot, otherwise I wouldn't have mentioned it. Here you can read my short post "Final fix of error code 0x80072f8f while accessing WU or MU website": The steps in order: Delete the old CA.cert file in ProxHTTPSProxy's program folder. Delete all certificates in ProxHTTPSProxy's certs subfolder. Update the certificate cacert.pem. Run the executable ProxHTTPSProxy.exe. A new ProxHTTPSProxy CA certificate CA.crt valid for another ten years has been generated. Import this new ProxHTTPSProxy CA certificate to Trusted Root Certification Authority but under the account local computer. And exactly here lies the problem. You have to import this certificate in a special way to ensure it is really installed in Trusted Root Certification Authority under account local computer. Otherwise it can happen that this certificate is installed in Trusted Root Certification Authority under account current user. And that is definitely the cause of error code 0x80072f8f. No one had told us where this certificate has to be installed to. No hints in the doc files of both proxies. And how can we do that? Here are the detailed steps using the Microsoft Management Console: Open console by typing mmc. Add a snap-in for certificates. Choose for local computer Import your recently generated ProxHTTPSProxy CA certificate to Trusted Root Certification Authority. Finished. Now we have to modify the config file. Alternatively you can use my pre-configured config files in the section Downloads. Open the file config.ini in an editor of your choice. Add these urls under the section [SSL No-Verify]: urs.microsoft.com c.microsoft.com* *one.microsoft.com* download.windowsupdate.com cc.dcsec.uni-hannover.de fe2.ws.microsoft.com *update.microsoft.com ds.download.windowsupdate.com - Save your changes. - Finished. Of course same procedure for HTTPSProxy with one exception: HTTPSProxy's root certificate is named HTTPSProxyCA.crt. Fixing error code 0x80072f8f leads to fixing another problem and that is the validity of Proxy's root certificate. From now on a freshly generated root certificate of ProxHTTPSProxy or HTTPSProxy valid for another ten years will be fully functional because we finally know where it exactly has to be imported to. Maybe you understand now how important it is to configure these proxies properly. Otherwise they wouldn't work flawlessly. In the section Downloads I provide separate CA Certificate Installer and Uninstaller for both proxies. They have been created by me for the people who do not dare to generate and install certificates themselves. Due to a modification made by me these installers and uninstallers do now their job properly i.e. the certificate installation will be definitely performed in Trusted Root Certification Authority under account local computer. If you asked me which kind of certificate installation you should choose, I would recommend the manual method. For security reasons only. The installers contain a pre-generated root certificate of its proxy which will be installed properly. But as a result all users of these installers will have got the same certificate unfortunately. Normally no good. But do we really want to spy each other? I don't think so. On the other hand using the manual method we all will have an unique certificate without any risks. So it's up to you! Usage: The usage of these proxies is very simple but a bit different. Usage of ProxHTTPSProxy: The best way to start ProxHTTPSProxy is to execute the file ProxHTTPSProxy_PSwitch.exe. In this case ProxHTTPSProxy will set up itself automatically and delete its settings when closing. You can check the settings of ProxHTTPSProxy in Internet Options of IE. Here is a screeshot of ProxHTTPSProxy's program window: Usage of HTTPSProxy: The way to start HTTPSProxy is a bit different. For starting it you have to simply drag the executable HTTPSProxy.exe onto a second executable Launcher.exe by drag & drop and a new system tray icon appears. Via this icon, all available options of HTTPSProxy's Launcher are accessible. There are a lot of options: HTTPSProxy exit, HTTPSProxy restart, HTTPSProxy show, HTTPSProxy hide, HTTPSProxy launch with Windows, config.ini edit, cacert.pem update, HTTPSProxy enabled - settings - log, Update Windows root CAs, Launcher.ini edit and so on. Here are some screenshots of HTTPSProxy: Launcher's menu: HTTPSProxy - switched on and switched off: HTTPSProxy's program window: HTTPSProxy while accessing MU: If connection errors occur, you can check the settings of HTTPSProxy in Internet Options of IE and set them manually or automatically by applying reg file 'Inet_CurUser_ProxySettings.reg'. And now one important hint. If you want to use both proxies in your system, you mustn't run them in RAM at same time! Otherwise the selected proxy won't work at all. You have to close the unused proxy to use the other. Keep that in mind! Maintenance of ProxHTTPSProxy and HTTPSProxy for future use: We have to carry out a bit of maintenance to ensure that these proxies are working properly. First of all, the system's root certificates should be updated every three months. If you have not done that yet, you can use the current root certificate updater in the section Downloads where a version with separate installers for Root Certificates and Revoked Certificates or an AIO version of these installers can be downloaded from. Then you should check following list: Periodically updating of 'cacert.pem'. Maintenance and check of config file according to your needs.. Check of validity of proxy's root certificate. Deleting of all certificates in Proxy's certs folder if proxy isn't working properly. Checking state of Proxy in IE or in system Versions: Last known version of ProxHTTPSProxyMII, created by @whenever and released in June of 2018: ProxHTTPSProxyMII 1.5 (20180616) ProxHTTPSProxyMII 1.3a (20150527) was released in May of 2015. Here are two links: https://prxbx.com/forums/showthread.php?tid=2172&pid=17686#pid17686 and https://prxbx.com/forums/showthread.php?tid=2172&pid=18454#pid18454 Due to support of SHA1 for signing certificates ProxHTTPSProxyMII 1.3a can be used in a Windows XP Professional x64 system to access MU successfully. More recent versions use SHA256 to sign certificates and fail while accessing MU. But that also means ProxHTTPSProxyMII 1.3a is not secure and should only be used if there is no other option. Here is a link to the post with necessary instructions and a screenshot of successful access to MU using ProxHTTPSProxyMII 1.3a in Windows XP Professional x64, credits to @maile3241: https://msfn.org/board/topic/178377-on-decommissioning-of-update-servers-for-2000-xp-and-vista-as-of-july-2019/?do=findComment&comment=1214098 Last known version of ProxHTTPSProxy released in November of 2019: ProxHTTPSProxy REV3e. Here is a link: https://msfn.org/board/topic/176344-problems-accessing-certain-sites-https-aka-tls/?do=findComment&comment=1173585 Last known version of HTTPSProxy released in November of 2018: HTTPSProxy_Launcher_v2_2018-11-06 Here are two links: https://msfn.org/board/topic/176344-problems-accessing-certain-sites-https-aka-tls/?do=findComment&comment=1155858 and https://msfn.org/board/topic/176344-problems-accessing-certain-sites-https-aka-tls/?do=findComment&comment=1156032 Downloads: Archived Downloads {obsolete}: ProxHTTPSProxyMII 1.3a can be downloaded here: http://www.proxfilter.net/proxhttpsproxy/ProxHTTPSProxyMII 1.3a.zip. Credits to @whenever. ProxHTTPSProxyMII 1.5 can be downloaded here: http://jjoe.proxfilter.net/ProxHTTPSProxyMII/files/ProxHTTPSProxyMII 1.5 advanced 34cx_freeze5.0.1urllib3v1.22Win32OpenSSL_Light-1_0_2o-1_1_0h.zip. Credits to @whenever. ProxHTTPSProxy REV3d can be downloaded here: https://i430vx.net/files/XP/ProxHTTPSProxyMII_REV3d_PY344.7z. Credits to @heinoganda. Root Certificate and Revoked Certificate Updater of 02/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/n4ea8nbijox88o3/Roots_Certificate_Updater_24.02.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 02/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/8ler7d9z8aesz08/rootsupd.exe/file Root Certificate and Revoked Certificate Updater of 04/28/2022 created by @AstroSkipper: https://www.mediafire.com/file/7e6jw2mdp6bi3u0/Roots_Certificate_Updater_28.04.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 04/28/2022 created by @AstroSkipper: https://www.mediafire.com/file/m6n7481wdq546ad/rootsupd.EXE/file Root Certificate and Revoked Certificate Updater of 05/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/aob1fkpf6f3vyhd/Roots_Certificate_Updater_24.05.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 05/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/vkopcjfymnei5cn/rootsupd.exe/file Root Certificate and Revoked Certificate Updater of 06/28/2022 created by @AstroSkipper: https://www.mediafire.com/file/2eowvtl8r56q8tx/Roots_Certificate_Updater_28.06.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 06/28/2022 created by @AstroSkipper: https://www.mediafire.com/file/h1460guuxqklkk5/rootsupd.exe/file Latest Downloads: Downloads related to ProxHTTPSProxy: ProxHTTPSProxy REV3e can be downloaded here: https://msfn.org/board/applications/core/interface/file/attachment.php?id=49205&key=1d82b78adecd29bef6d02d67c214249a. Credits to @heinoganda. ProxHTTPSProxy CA Certificate Installer and Uninstaller with a freshly pre-generated root certificate valid until 02/19/2032 modified and built by @AstroSkipper: https://www.mediafire.com/file/9tnonnlymrp98f8/ProxHTTPSProxy_Cert_Installer_%2B_Uninstaller_%2B_CA_valid_until_02-19-2032.7z/file ProxHTTPSProxy's config file to access MU website successfully, modified by @AstroSkipper: https://www.mediafire.com/file/vr1klatuzjh6v5c/ProxHTTPSProxy_-_config.ini/file Downloads related to HTTPSProxy: HTTPSProxy in the version of HTTPSProxy_Launcher_v2_2018-11-06 can be downloaded here: https://www.mediafire.com/file/ku859ikt2t79cgl/HTTPSProxy_Launcher_v2_2018-11-06.7z/file. Credits to @Thomas S.. HTTPSProxy CA Certificate Installer and Uninstaller with a freshly pre-generated root certificate valid until 02/19/2032 created by @AstroSkipper: https://www.mediafire.com/file/sx1i6w2c6f1hvwm/HTTPSProxy_Cert_Installer_%2B_Uninstaller_%2B_CA_valid_until_02-19-2032.7z/file HTTPSProxy's config file to access MU website successfully, modified by @AstroSkipper: https://www.mediafire.com/file/6emtdvx2vmw4iz8/HTTPSProxy_-_config.ini/file Downloads related to cacert.pem Certificate Update: cacert Updater Fixed, fixed and recreated by @AstroSkipper: https://www.mediafire.com/file/y98gtqf8ewr6zz4/cacert_Updater_Fixed_Recreated.7z/file. Credits to @heinoganda. Downloads related to Root Certificate Updates: Root Certificate and Revoked Certificate Updater of 08/23/2022 created by @AstroSkipper: https://www.mediafire.com/file/nxt11m8m39fnc1k/Roots_Certificate_Updater_23.08.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 08/23/2022 created by @AstroSkipper: https://www.mediafire.com/file/0o2h3y16ekmtv2o/rootsupd.EXE/file Certificate Updater 1.6: https://www.mediafire.com/file/nmoqrx8vwc8jr6l/jveWB2Qg1Lt9yT5m3CYpZ8b8N4rH.rar/file. Credits to @heinoganda. Archive password: S4QH5TIefi7m9n1XLyTIZ3V5hSv4se1XB6jJZpH5TfB6vkJ8hfRxU7DWB2p The installers created by myself or built by me will be updated from time to time if necessary. Update notifications: 02/26/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 02/24/2022. 03/16/2022: The functionality of @heinoganda's cacert Updater has been restored. cacert Updater Fixed can be downloaded in the section Downloads, 04/23/2022: cacert Updater Fixed has been completely recreated due to false alarms of some virus scanners and can be downloaded in the section Downloads, 05/10/2022: ProxHTTPSProxy's PopMenu 3V1 has been released. Here is the link to my post of the initial release with the download link: https://msfn.org/board/topic/183352-proxhttpsproxy-and-httpsproxy-in-windows-xp-for-future-use/?do=findComment&comment=1218622 05/16/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 04/28/2022. 06/05/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 05/24/2022. 06/30/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 06/28/2022. 08/17/2022: ProxHTTPSProxy's PopMenu TLS 1.3 3V3 has been released. Here is the link to my post of its release with the download link: 09/05/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 08/23/2022. Conclusion: At the beginning of this post I said we had to ask ourselves whether these proxies would continue doing their job in the future or not. After all these observations and explanations the answer of this question is quite clear: Yes, of course. But we have to avoid misconfiguration of these proxies, and in addition we know they won't work properly without updating and carrying out maintenance. Doing all these things leads to a general, positive side effect for those loving their Windows XP. If all is done correctly, we are now able to use a freshly generated 10 years valid root certificate of ProxHTTPSProxy or HTTPSProxy at any time as long as Windows XP, Internet Explorer access to WWW, TLS 1.2 functionality, Microsoft Update for Windows XP or the user himself still exists. Disclaimer: All information that I spread here corresponds to my level of knowledge. Most of it has been carefully researched by me. I tested all programs of the section Downloads extensively, and they worked properly in my system. Nevertheless, I do not assume any guarantee either for the correctness and completeness or for the implementation of my tips. The same applies to the application of my tools in the section Downloads. Therefore, all at your own risk! You can use the commenting zone below to tell us about your experiences, problems and questions or to provide further tips and recommendations. Any discussions about these proxies are explicitly welcome. If this article has not been able to resolve any issues related to these proxies and you need further assistance with configuring or running them, I will try to help you as much as I can. But one thing must be clear, everything should relate to this article. That means please stay on-topic! If you enjoyed this article or maybe, you found it interesting and helpful, I would be pleased about any reaction by liking, upvoting, and of course, commenting. Kind regards, AstroSkipper

  • Create New...