The client does not trust the proxy's certificate #5307
Replies: 7 comments 2 replies
-
Yes, this very much looks like certificate pinning. The client actively communicates with a TLS alert that it does not trust the cert. If you're on Android and it's your own application, you need to add user-added CAs to your network configuration manifest. |
Beta Was this translation helpful? Give feedback.
-
ah, that's what I was worried about. Thank you very much for the quick reply! Unfortunately as the app I am working with is not my own, It looks like I will need to attempt some additional work using apk-mitm or objection as suggested in the Certificates documentation. Disappointing that i need to do more work, but exciting to be so close! By chance do you have any recommendations or suggestions on any "gatchas" to avoid during this next part? |
Beta Was this translation helpful? Give feedback.
-
Something loosely related, but I was curious to peek into traffic coming from the Nintendo Switch instead. Ran into the same issue as the title, although admittedly, I didn't and certainly couldn't install any CA certificates. The connection test succeeded though, and I could peer into the HTTP I escalated to trying to transparently proxy, but I just keep running into #3139 despite the fact that my machine (Debian Bullseye running |
Beta Was this translation helpful? Give feedback.
-
When making such messages, the app should be as helpful as possible.
Which client. Be specific. Which proxy. Be specific. Note the app might be running under several layers of other apps. So be sure it says clearly what things it is talking about. |
Beta Was this translation helpful? Give feedback.
-
How to solve the hot problem |
Beta Was this translation helpful? Give feedback.
-
pls how to solve this issue, im still getting the same message for linkedin for youtube |
Beta Was this translation helpful? Give feedback.
-
The client must trust the CA cert used by Also note that when |
Beta Was this translation helpful? Give feedback.
-
As stated in the Topic, I am receiving an error for a specific domain stating:
"Client TLS handshake failed. The client does not trust the proxy's certificate for DOMAIN (tlsvs1 alert unkown ca)".
This error only appears to occur on specific domains for the app it is being generated from. Is this an example of Certificate pinning? Or have I perhaps configured something wrong along the way?
Looking for some direction on how to resolve the error as the data I am hunting seems to be being sent when that error is triggering.
Beta Was this translation helpful? Give feedback.
All reactions