You can use Bright Data products without the SSL certificate:
  1. Using Bright Data proxy API. Read more: API vs. native Access
  2. Get your account verified with our KYC process
The SSL certificate allows you to establish end-to-end encrypted connections when using Residential Proxies, Mobile proxies, Web Unlocker API or the SERP API in native proxy mode. If you are just doing preliminary testing, you can also proceed without the SSL certificate and use it later. Using the SSL certificate is straight forward. You download it, and choose how you want to use it in your environment.

Download the SSL certificate

Bright data has a new SSL certificate with works with proxy port: 33335.
  1. Right click on this link to “save as” the file to your hard drive.
  2. Unzip the file and choose the certificate to use. Most users - espcially if they are new to Bright Data - should use the new SSL certificate.

Bright Data new SSL Certficate

Bright Data new SSL certificate support for browser extension is coming soon. Refrain from upgrading to the new certificate if you use the Browser Extension
Bright data now using an updated SSL Certificate which expires in September 2034. When using this certificate it is essential to configure your native proxy port to be 33335 which is the port serving requests secured by the new certificate. If you use our old SSL certificate note that it is deprecated and expires in September 2026, and works towards port 22225. To ensure your smooth and secure operations use the new certificate with port 33335. Read more in: FAQ: Which port shall I use 22225 or 33335

Using the SSL certificate in your code

If you write scraping code, in most cases, you do not need to install the SSL certificate in your environment. Simply load the SSL certificate in your code. For example, for CURL: 
curl --proxy brd.superproxy.io:33335 --proxy-user brd-customer-<account-id>-zone-<zone-name>:<zone-password> --cacert <PATH TO CA.CRT> "https://geo.brdtest.com/mygeo.json"
You can refer to Bright Data sample code examples in the dashboard for exact syntax.

Installation of the SSL certificate

In some cases, for example when using some third party tools that don’t allow loading the certificate from your hard drive, you still need to install the SSL certificate on your computer.

Where do I install the certificate?

The SSL certificate needs to be installed on the host that is running the actual scraping code or application. In most cases this is your PC but, if you use a cloud-hosted server to run your code, you need to install the SSL certificate on the server itself.

Installation instructions

This takes 2 minutes - simply follow these instructions:
  • If you didn’t do so already, Right click on this link to “save as” the file to your hard drive.
  • Double click the ca.crt file
  • Follow the Windows instructions to install the certificate.
  • Reboot your computer
  • After rebooting, you will be able to connect to Bright Data product you needed (Residential Proxy, Web Unlocker API or SERP API)

How to ignore SSL errors?

In some cases you will need to install our certificate or ignore SSL errors in order to get access to specific products or features. In case you are not interested in installing our certificate, you can ignore SSL errors. Check out the following code snippets for different programming languages, the highlighted part is what needs to be added to your code in order to ignore SSL errors. 
# Add -k to ignore ssl errors
curl --proxy brd.superproxy.io:33335 --proxy-user brd-customer-<customer_id>-zone-<zone_name>:<zone_password> -k "http://lumtest.com/myip.json"

Bright Data Proxy Manager SSL analysis

Some features require the Proxy Manager to have access to HTTPS traffic. This can be done by enabling the SSL Analyzing option on the proxy port configuration page. Once you allow Proxy Manager to terminate the SSL you will also need to trust Bright Data Certificate Authority (CA). Under the hood Proxy Manager will create a secure encrypted HTTPS connection with the target site, decrypt the traffic to log requests and run rules based on your settings and then pass the response back to your client in an encrypted HTTPS connection with a certificate signed by our CA certificate.