"Certificate chain may be invalid" while checking for update in marketplace

Mr_loffy Geek

Apr 27, 2023, 4:10:00 AM
to OWASP ZAP User Group

I am having trouble updating marketplace, whenever I try to update it responds with error:
"Error encountered. Please check manually for new updates.(the output tab may contain further details)."
Where the output tab shows:
"Certificate chain may be invalid. Are you using a corporate or intermediate proxy? Is its CA
certificate in your Java truststore?"

I can install manually but not using marketplace in the app

Any help is greatly appreciated

Simon Bennetts

Apr 27, 2023, 4:12:46 AM
to OWASP ZAP User Group
"Certificate chain may be invalid. Are you using a corporate or intermediate proxy? Is its CA
certificate in your Java truststore?"

What is the answer to these questions? :)

Mr_loffy Geek

Apr 30, 2023, 2:26:43 AM
to OWASP ZAP User Group
I am not sure what you mean but I use FoxyProxy and I have installed the root CA certificate,
sorry I am new to this

Mr_loffy Geek

Apr 30, 2023, 2:28:58 AM
to OWASP ZAP User Group
I am able to proxy and see request and response in ZAP using both Firefox and Chrome, but not able to launch an automated scan or manual scan using ZAP

Simon Bennetts

May 2, 2023, 5:42:28 AM
to OWASP ZAP User Group
Now I'm confused.

In your first email you said: "I am having trouble updating marketplace".
Is this still a problem?

This will not prevent you from launching an automated or manual scan.
Please give more details - what are you doing and what messages are you getting from ZAP?
We do not know what you are doing, so have no way of working out what's going wrong without more information from you.

Cheers,

Simon

Mr_loffy Geek

May 3, 2023, 1:52:15 AM
to OWASP ZAP User Group
Alright, my bad. So I have installed ZAP and set it up with Firefox on port 8090.
I have done nothing except installing the root CA certificate and I am encountering 2 problems:

1) Now when I open my browser and enable the proxy I am able to see websites in the sites menubar (as shown in image 1) but in the browser I am not able to load them (as shown in image 2).
Image 1.png, Image 2.png

2) When I try to update marketplace I have another error (as shown in image 3) which says to check the output tab for further info (as shown in image 4).
Image 3.png, Image 4.png

Mind you, I am running this on Ubuntu (22.04.2 LTS).
Except this I have tried:

- changing selenium:
  - change Webdrivers location and back to default
  - change Binaries location and back to default
- changing certificates
- updating & upgrading my system
- reinstalling zap by:
  - snap store
  - linux installer
  - linux package
  - linux repo:
    - adding repo and installing manually
    - installing by using binary package directly
- reinstalling:
  - firefox
  - chrome
  - chromium
- changing proxy:
  - using third party (firefox)
  - using firefox/google manual proxy configurations.

I really appreciate your help. THANK YOU!

Simon Bennetts

May 3, 2023, 4:45:22 AM
to OWASP ZAP User Group
OK, so that helps, but you still haven't answered the questions that ZAP asked, which I also asked in my first reply ;)
  • Are you using a corporate or intermediate proxy?
  • Is its CA certificate in your Java truststore?
When performing a check-for-updates ZAP checks that the certificate chain is valid.
It does this because it installs new functionality - if you have somehow been redirected to a malicious site then ZAP could install malware.
We don't want it to do that :)

So in your case ZAP thinks that the certificate for the check-for-updates service is invalid.
The 2 most obvious possibilities are either:
  • You are using a corporate proxy
  • You are being redirected to a different (potentially malicious) site.
That's why those questions are so important.

Cheers,

Simon

Mr_loffy Geek

May 3, 2023, 6:48:02 AM
to OWASP ZAP User Group
I am sorry but what is a corporate proxy?
And what can I do to change it?

thc...@gmail.com

May 5, 2023, 5:18:39 AM
to zaprox...@googlegroups.com
When you are working in your company's network you might need a proxy
to access the internet. That's what the "corporate proxy" is referring to.

If you don't have one, the problem is something else. Worth double checking
that you don't need one though. That ZAP is not able to access external
websites points to a problem like that.

Best regards.

Mr_loffy Geek

May 5, 2023, 8:15:21 AM
to OWASP ZAP User Group
OH! That helps. Well, no, I am using it at my home gig and it's a straight simple default internet connection