The SSL certificate allows you to establish end-to-end encrypted connections when using Residential Proxies, Web Unlocker API or the SERP API in native proxy mode.If you are just doing preliminary testing, you can also proceed without the SSL certificate and use it later.Using the SSL certificate is straight forward. You download it, and choose how you want to use it in your environment.
The Bright Data Browser Extension does not yet support the new SSL certificate. Refrain from upgrading to the new certificate if you use the Browser Extension.
Bright data now using an updated SSL Certificate which expires in September 2034. When using this certificate it is essential to configure your native proxy port to be 33335 which is the port serving requests secured by the new certificate.If you use our old SSL certificate note that it is deprecated and expires in September 2026, and works towards port 22225. To ensure your smooth and secure operations use the new certificate with port 33335. Read more in: FAQ: Which port shall I use 22225 or 33335
If you write scraping code, in most cases, you do not need to install the SSL certificate in your environment. Simply load the SSL certificate in your code. For example, for CURL:
curl --proxy brd.superproxy.io:33335 --proxy-user brd-customer-<account-id>-zone-<zone-name>:<zone-password> --cacert <PATH TO CA.CRT> "https://geo.brdtest.com/mygeo.json"
You can refer to Bright Data sample code examples in the dashboard for exact syntax.
In some cases, for example when using some third party tools that don’t allow loading the certificate from your hard drive, you still need to install the SSL certificate on your computer.
The SSL certificate needs to be installed on the host that is running the actual scraping code or application.In most cases this is your PC but, if you use a cloud-hosted server to run your code, you need to install the SSL certificate on the server itself.
In some cases you will need to install our certificate or ignore SSL errors in order to get access to specific products or features. In case you are not interested in installing our certificate, you can ignore SSL errors. Check out the following code snippets for different programming languages, the highlighted part is what needs to be added to your code in order to ignore SSL errors.
#!/usr/bin/env nodeconst { ProxyAgent, setGlobalDispatcher } = require('undici');// Make sure you set rejectUnauthorized to false on the proxy's TLS optionssetGlobalDispatcher(new ProxyAgent({ uri: 'http://brd-customer-<customer_id>-zone-<zone_name>:<zone_password>@brd.superproxy.io:33335', requestTls: { rejectUnauthorized: false },}));(async () => { const response = await fetch('http://brdtest.com/myip.json'); console.log(await response.text());})();
#!/usr/bin/env pythonprint('If you get error "ImportError: No module named \'six\'" install six:\n'+\ '$ sudo pip install six');import sys# Make sure you add these two line to ignore ssl errorimport sslssl._create_default_https_context = ssl._create_unverified_contextif sys.version_info[0]==2: import six from six.moves.urllib import request opener = request.build_opener( request.ProxyHandler( {'http': 'http://brd-customer-<customer_id>-zone-<zone_name>:<zone_password>@brd.superproxy.io:33335', 'https': 'http://brd-customer-<customer_id>-zone-<zone_name>:<zone_password>@brd.superproxy.io:33335'})) print(opener.open('http://brdtest.com/myip.json').read())if sys.version_info[0]==3: import urllib.request opener = urllib.request.build_opener( urllib.request.ProxyHandler( {'http': 'http://brd-customer-<customer_id>-zone-<zone_name>:<zone_password>@brd.superproxy.io:33335', 'https': 'http://brd-customer-<customer_id>-zone-<zone_name>:<zone_password>@brd.superproxy.io:33335'})) print(opener.open('http://brdtest.com/myip.json').read())
using System;using System.Net;class Example{ static void Main() { // Make sure you add this line to ignore ssl error ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true; var client = new WebClient(); client.Proxy = new WebProxy("brd.superproxy.io:33335"); client.Proxy.Credentials = new NetworkCredential("brd-customer-<customer_id>-zone-<zone_name>", "<zone_password>"); Console.WriteLine(client.DownloadString("http://brdtest.com/myip.json")); }}
package example;import org.apache.http.HttpHost;import org.apache.http.client.fluent.*;public class Example { public static void main(String[] args) throws Exception { HttpHost proxy = new HttpHost("brd.superproxy.io", 33335); String res = Executor.newInstance() .auth(proxy, "brd-customer-<customer_id>-zone-<zone_name>", "<zone_password>") .execute(Request.Get("http://brdtest.com/myip.json").viaProxy(proxy)) .returnContent().asString(); System.out.println(res); }}/*In the above example, we are not explicitly ignoring SSLI will share with you a short code I wrote that does ignore SSL using JAVA (was taken from cloud proxy manager examples) */import java.io.*;import java.net.*;import java.security.cert.X509Certificate;import javax.net.ssl.*;import java.util.Base64;public class Example { public static void main(String[] args) throws Exception { // Disable restricted headers for proxy authentication System.setProperty("jdk.http.auth.tunneling.disabledSchemes", ""); // Set up a TrustManager that does not validate certificate chains SSLContext sc = SSLContext.getInstance("SSL"); TrustManager trust_manager = new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } }; TrustManager[] trust_all = new TrustManager[] { trust_manager }; sc.init(null, trust_all, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); // Set up the proxy and open a connection URL url = new URL("https://geo.brdtest.com/mygeo.json"); Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("brd.superproxy.io", 33335)); URLConnection yc = url.openConnection(proxy); // Set default Authenticator for proxy authentication Authenticator.setDefault(new Authenticator() { @Override public PasswordAuthentication getPasswordAuthentication() { return new PasswordAuthentication("brd-customer-<customer_id>-zone-<zone_name>", "<zone_password>".toCharArray()); } }); // Read and print the response from the server BufferedReader in = new BufferedReader(new InputStreamReader(yc.getInputStream())); String inputLine; while ((inputLine = in.readLine()) != null) System.out.println(inputLine); in.close(); }}
Imports System.NetModule Module1 Sub Main() ' Make sure you add this line to ignore ssl error ServicePointManager.ServerCertificateValidationCallback = Function(se, cert, chain, sslerror) True Dim Client As New WebClient Client.Proxy = New WebProxy("http://brd.superproxy.io:33335") Client.Proxy.Credentials = New NetworkCredential("brd-customer-<customer_id>-zone-<zone_name>", "<zone_password>") Console.WriteLine(Client.DownloadString("http://brdtest.com/myip.json")) End SubEnd Module
<?php$curl = curl_init('http://brdtest.com/myip.json');curl_setopt($curl, CURLOPT_PROXY, 'http://brd.superproxy.io:33335');curl_setopt($curl, CURLOPT_PROXYUSERPWD, 'brd-customer-<customer_id>-zone-<zone_name>:<zone_password>');// Make sure you add this line to ignore ssl errorcurl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);curl_exec($curl);?>
#!/usr/bin/perluse LWP::UserAgent;# Make sure you add this line to ignore ssl erroruse IO::Socket::SSL qw( SSL_VERIFY_NONE );my $agent = LWP::UserAgent->new();$agent->proxy(['http', 'https'], "http://brd-customer-<customer_id>-zone-<zone_name>:<zone_password>\@brd.superproxy.io:33335");$agent->ssl_opts(verify_hostname => 0, SSL_verify_mode => SSL_VERIFY_NONE);print $agent->get('http://brdtest.com/myip.json')->content();
Some features require the Proxy Manager to have access to HTTPS traffic. This can be done by enabling the SSL Analyzing option on the proxy port configuration page.Once you allow Proxy Manager to terminate the SSL you will also need to trust Bright Data Certificate Authority (CA).Under the hood Proxy Manager will create a secure encrypted HTTPS connection with the target site, decrypt the traffic to log requests and run rules based on your settings and then pass the response back to your client in an encrypted HTTPS connection with a certificate signed by our CA certificate.