Proxy fakes certificate for Mercurial HG

Nikolay Kuznetsov November 5, 2012

I am behind a proxy and I expect that it gives a wrong certificate to Mercurial (hg) in order to decrypt HTTPS traffic.

warning: bitbucket.org certificate with fingerprint bf:8b:48:f8:a5:22:43:fd:d2:79:bc:1e:6b:c7:19:20:a6:ef:c5:ed not verified (check hostfingerprints or web.cacerts config setting)
http authorization required
realm: Bitbucket.org HTTP

The fingerprint seems to be wrong, since googling says that the valid fingerprint for Bitbucket starts with 81:

Is it possible to download the Bitbucket certificate and install it into Mercurial?

1 answer

0 votes
VitalyA November 13, 2012

Nikolay,

This sounds strange, your proxy seems to be MITM-ing you (https://en.wikipedia.org/wiki/Man-in-the-middle_attack). While there are valid use cases for this behaviour, if the organisation wants to decrypt and archive all traffic, this is not a very common HTTPS proxy setup.

For what it's worth, when I go to the Bitbucket web site and select "view certificate" (depending on the browser, try clicking on the lock sign), I get the following fingerprint values:

Serial number: 09:F7:64:A6:B0:48:A6:D6:E2:E4:9B:65:22:E3:EC:B4

SHA1 Fingerprint=24:9C:45:8B:9C:AA:BA:55:4E:01:6D:58:FF:E4:28:7D:2A:14:AE:3B

If you want to suppress the warnings, this should help - http://mercurial.selenic.com/wiki/CACertificates
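
As an added example (not part of the answer above and not Mercurial's own code): a Python check that extracts the fingerprint from the hard-wrapped hg warning in the question and compares it with a reference fingerprint obtained over a path that does not cross the proxy, here the SHA1 value quoted in the answer. The function names are hypothetical; the `[hostfingerprints]` entry is produced only when the two values match, so a fingerprint presented by an intercepting proxy is never pinned by accident.

```python
import re

# Shape of the warning line hg printed in the question.
WARNING_RE = re.compile(
    r"warning: (?P<host>\S+) certificate with fingerprint "
    r"(?P<fp>[0-9A-Fa-f:]+) not verified")

def normalize(fp):
    """Reduce a SHA-1 fingerprint in any common notation to 40 lowercase hex digits."""
    fp = fp.split("=", 1)[-1]  # drop an openssl/browser style "SHA1 Fingerprint=" prefix
    digits = re.sub(r"[^0-9A-Fa-f]", "", fp).lower()
    if len(digits) != 40:
        raise ValueError("not a SHA-1 fingerprint: %r" % fp)
    return digits

def parse_warning(output):
    """Return (host, fingerprint) from hg output, undoing terminal hard-wrapping."""
    m = WARNING_RE.search(output.replace("\r", "").replace("\n", ""))
    if not m:
        raise ValueError("no certificate warning found in hg output")
    return m.group("host"), normalize(m.group("fp"))

def check(output, reference):
    """Compare what hg saw with a fingerprint obtained over a trusted path."""
    host, seen = parse_warning(output)
    trusted = normalize(reference)
    if seen != trusted:
        return "MISMATCH for %s: hg saw %s, reference is %s; do not pin" % (host, seen, trusted)
    pretty = ":".join(trusted[i:i + 2] for i in range(0, 40, 2))
    return "[hostfingerprints]\n%s = %s" % (host, pretty)

# The warning exactly as pasted in the question, wrapped at 80 columns.
HG_OUTPUT = """warning: bitbucket.org certificate with fingerprint bf:8b:48:f8:a5:22:43:fd:d2:7
9:bc:1e:6b:c7:19:20:a6:ef:c5:ed not verified (check hostfingerprints or web.cace
rts config setting)"""
# The fingerprint quoted in the answer, in the notation a browser or openssl shows.
REFERENCE = "SHA1 Fingerprint=24:9C:45:8B:9C:AA:BA:55:4E:01:6D:58:FF:E4:28:7D:2A:14:AE:3B"

if __name__ == "__main__":
    print(check(HG_OUTPUT, REFERENCE))
```

The reference value is the one reported in this 2012 thread; a current reference has to be fetched from a network that is not behind the proxy.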
