> ## Documentation Index
> Fetch the complete documentation index at: https://docs.toolip.io/llms.txt
> Use this file to discover all available pages before exploring further.

# SSL Certificate

You’re going to need an SSL certificate to maintain a clean and end-to-end encrypted connection between your host and the target website while using Toolip Residential Proxies.

Prefer an enterprise-grade guide? Learn more about Oculus Proxies <a href="https://docs.oculusproxies.com/proxy-networks/rotating-residential/ssl-certificate" target="_blank" rel="noopener">Rotating Residential Proxies SSL Certificate</a>.

You can easily install the SSL certificate manually using the steps below, or by running a simple script (recommended).

If you prefer not to install the SSL certificate at this point, you can simply ignore SSL errors in your code for now.&#x20;

But, **if you're facing issues** while using the Rotating Residential Proxies, it's likely due to either a **missing SSL certificate** or **not properly ignoring SSL errors** in your code.

## Download the SSL certificate

**Right click** on this [link](https://toolip.io/ssl_toolip_certificate.cer) to “save as” the file to your hard drive.

## Using the SSL certificate in your code

If you write scraping code, in most cases, you do not need to install the SSL certificate in your environment. Simply load the SSL certificate in your code. For example, for CURL:

```bash theme={null}
curl --proxy "login:password@proxy.toolip.io:31113" --cacert "path/to/ssl_toolip_certificate.cer" "http://httpbin.org/ip"
```

You can refer to toolip sample code examples in the dashboard for exact syntax.

### Installation of the SSL certificate

In some cases, for example when using some third party tools that don’t allow loading the certificate from your hard drive, you still need to install the SSL certificate on your computer. This takes 2 minutes - simply follow these instructions:

<Tabs>
  <Tab title="Windows">
    * Double click the `ssl_toolip_certificate.cer` file to see a popup with certificate details

    * Click on **Install Certificate** button

    * Follow the Windows instructions to install the certificate.
  </Tab>

  <Tab title="Chrome">
    * Type in the address bar: `chrome://settings/privacy`

    * Click on **Security**

    * Scroll down and click on **Manage certificates**

    * Go to **Trusted Certification Authorities** tab and click **Import**

    * Click on **Next**

    * Click **Browse** and select the certificate you just downloaded, and click **Next**

    * Select **Place all certificates in the following store** and click **Next**

    * Make sure **Certificate Store Selected by User** is *Trusted Root Certification Authorities*, and click **Finish**
  </Tab>

  <Tab title="Firefox">
    * Type in the address bar: `about:preferences#privacy`

    * Scroll down to the **Certificates** section

    * Click on the **View Certificates** button. This will open the Certificate Manager

    * Select the **Authorities** tab, and click **Import** button

    * Navigate to where you saved your certificate file, select it, and click **Open**.

    * In the popup box click the checkbox **Trust this CA to identify websites**

    * Click **OK** to finish the import.
  </Tab>

  <Tab title="Linux">
    * Copy the downloaded certificate file `ssl_toolip_certificate.cer` to the `/usr/local/share/ca-certificates/` folder.

    * Run `sudo update-ca-certificates`. The output of the command should state that 1 certificate was added.

    * Go to an SSL-protected website to check that everything is working as cted.
  </Tab>

  <Tab title="macOS">
    * Go to the **Keychain Access** app  on your Mac.

    * Drag the `ssl_toolip_certificate.cer` file onto the Keychain Access app.

    * If you’re asked to provide a name and password, type the name and password for an administrator user on this computer.

    * Double-click the `ssl_toolip_certificate.cer` certificate to see a popup with certificate settings.

    * Expand the **Trust** section.

    * Set the desired trust level from the dropdown (e.g., “Always Trust”).

    * Restart your browser and go to an SSL-protected website to check that everything is working as expected.
  </Tab>

  <Tab title="iOS">
    * Open up Safari and download the certificate

    * Go to **Settings > General > About > Certificate Trust Settings**.

    * Enable the `ssl_toolip_certificate.cer` certificate

    * After enabling the certificate, it’s a good idea to restart your iPhone to ensure it works properly.

    * You can now go to an SSL-protected website in any browser installed in your system to check that everything is working as expected.
  </Tab>

  <Tab title="Android">
    * Download the certificate and save it on your phone

    * Open **Settings**

    * Go to **Security** (or Security & privacy depending on your device).

    * Select **Encryption & credentials** or **Install from storage** under the "Credential storage" section

    * Tap **Install a certificate**

    * Select the certificate type: **VPN and apps**

    * Locate and select the certificate file from your downloads or file manager.

    * You will be prompted to name the certificate. Give it a recognizable name, then tap **OK**

    * The certificate will now be installed and trusted by your device.

    * To ensure the certificate is properly installed, it’s a good idea to restart your Android device

    * You can now go to an SSL-protected website in any browser installed in your system to check that everything is working as expected
  </Tab>
</Tabs>

## How to ignore SSL errors?

In some cases you will need to install our certificate or ignore SSL errors in order to get access to specific products or features. In case you are not interested in installing our certificate, you can ignore SSL errors. Check out the following code snippets for different programming languages, the highlighted part is what needs to be added to your code in order to ignore SSL errors.

<CodeGroup>
  ```bash Curl theme={null}
  # Add -k to ignore ssl errors
  curl --proxy "[LOGIN]:[PASSWORD]@[HOST]:[PORT]" -k "http://httpbin.org/ip"
  ```

  ```bash GO theme={null}
  package main

  import (
      "fmt"
      "net/http"
      "net/url"
      "time"
      "io/ioutil"
      "encoding/json"
  )

  type IPResponse struct {
      Origin string `json:"origin"`
  }

  func testProxy(proxy *url.URL) {
      client := &http.Client{
          Transport: &http.Transport{
              Proxy: http.ProxyURL(proxy),
          },
          Timeout: 5 * time.Second,
      }
      resp, err := client.Get("http://httpbin.org/ip")
      if err != nil {
          fmt.Printf("Error occurred while testing proxy %s: %s\n", proxy.String(), err)
          return
      }
      defer resp.Body.Close()
      if resp.StatusCode == 200 {
          body, err := ioutil.ReadAll(resp.Body)
          if err != nil {
              fmt.Printf("Error reading response from proxy %s: %s\n", proxy.String(), err)
              return
          }
          var ipResp IPResponse
          if err := json.Unmarshal(body, &ipResp); err != nil {
              fmt.Printf("Error parsing JSON from proxy %s: %s\n", proxy.String(), err)
              return
          }
          fmt.Printf("Proxy %s is working. Your IP: %s\n", proxy.String(), ipResp.Origin)
      } else {
          fmt.Printf("Proxy %s returned status code %d\n", proxy.String(), resp.StatusCode)
      }
  }

  func main() {
      proxyStr := "http://[LOGIN]:[PASSWORD]@[HOST]:[PORT]"
      proxyURL, err := url.Parse(proxyStr)
      if err != nil {
          fmt.Printf("Invalid proxy URL %s: %s\n", proxyStr, err)
      } else {
          testProxy(proxyURL)
      }
  }
  ```

  ```bash NodeJS theme={null}
  const axios = require('axios');

  async function testProxy(proxy) {
      try {
          const response = await axios.get("http://httpbin.org/ip", {
              proxy,
              timeout: 5000
          });
          if (response.status === 200) {
              console.log(`Proxy %O is working. Your IP: ${response.data.origin}`, proxy);
          } else {
              console.log(`Proxy %O returned status code ${response.status}`, proxy);
          }
      } catch (error) {
          console.log(`Error occurred while testing proxy %O: ${error.message}`, proxy);
      }
  }

  async function main() {
      const proxy = {
          host: '[HOST]',
          port: '[PORT]',
          auth: {username: '[LOGIN]', password: '[PASSWORD]'},
      };
      await testProxy(proxy);
  }

  main();
  ```

  ```bash Python theme={null}
  import requests

  def test_proxy(proxy):
      try:
          response = requests.get("http://httpbin.org/ip", proxies={"http": proxy, "https": proxy}, timeout=5)
          if response.ok:
              print(f"Proxy {proxy} is working. Your IP: {response.json()['origin']}")
          else:
              print(f"Proxy {proxy} returned status code {response.status_code}")
      except Exception as e:
          print(f"Error occurred while testing proxy {proxy}: {e}")

  def main():
      proxy = "http://[LOGIN]:[PASSWORD]@[HOST]:[PORT]"
      test_proxy(proxy)

  if __name__ == "__main__":
      main()

  ```

  ```bash PHP theme={null}
  <?php

  function testProxy($proxy) {
      $ch = curl_init();
      curl_setopt($ch, CURLOPT_URL, "http://httpbin.org/ip");
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      curl_setopt($ch, CURLOPT_TIMEOUT, 5);
      curl_setopt($ch, CURLOPT_PROXY, $proxy['host']);
      curl_setopt($ch, CURLOPT_PROXYPORT, $proxy['port']);
      curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy['login'] . ':' . $proxy['password']);
      $response = curl_exec($ch);
      $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
      if ($httpCode == 200) {
          $data = json_decode($response, true);
          echo "Proxy {$proxy['host']}:{$proxy['port']} is working. Your IP: {$data['origin']}\n";
      } else {
          echo "Proxy {$proxy['host']}:{$proxy['port']} returned status code $httpCode\n";
      }
      if (curl_errno($ch)) {
          echo 'Error occurred while testing proxy ' . "{$proxy['host']}:{$proxy['port']}: " . curl_error($ch) . "\n";
      }
      curl_close($ch);
  }

  function main() {
      $proxy = [
          'host' => '[HOST]',
          'port' => '[PORT]',
          'login' => '[LOGIN]',
          'password' => '[PASSWORD]',
      ];
      testProxy($proxy);
  }

  main();
  ?>
  ```
</CodeGroup>

## How does SSL analyzing works?

Some features require the Proxy Manager to have access to HTTPS traffic. This can be done by enabling the SSL Analyzing option on the proxy port configuration page.

Once you allow Proxy Manager to terminate the SSL you will also need to [trust toolip Certificate Authority (CA)](https://toolip.io/ssl_toolip_certificate.cer).

Under the hood Proxy Manager will create a secure encrypted HTTPS connection with the target site, decrypt the traffic to log requests and run rules based on your settings and then pass the response back to your client in an encrypted HTTPS connection with a certificate signed by our CA certificate.

<Warning>Rotating Residential **does not support POST requests** and operates in **read-only mode**.</Warning>
