Zotero desktop sync through proxy and SSL interception

I would like to use Zotero Desktop at work and sync to the zotero server. The problem is (1) my internet traffic goes through an authenticated proxy and (2) all SSL is intercepted by work using a custom root certificate. This can not be circumvented.

When I try to sync to the Zotero server, the Zotero Desktop "sync" icon spins for a long time, then eventually returns the error "Error connecting to server. Check your Internet connection."

I have tried following the instructions at both:
https://www.zotero.org/support/kb/ssl_certificate_error
and
https://www.zotero.org/support/kb/cert_override
and neither of these help. Any suggestions would be much appreciated.
  • https://www.zotero.org/support/kb/cert_override is the relevant set of instructions. What exactly have you done there?
  • Well unfortunately my company has already installed the relevant root certificate. Therefore, it doesn't appear in cert_override.txt in the Firefox installation, so I can't copy it over.

    I have also tried copying over the entire certificate database (cert8.db) from Firefox (since the certificate is trusted there) over to the Zotero installation. No luck.

    When I use the Zotero Firefox plugin, everything works fine. But Firefox is not my default browser, so I'm most interested in the desktop version.

    Also turned on output logging. Not very helpful:

    [JavaScript Error: "1476800592920 Toolkit.Telemetry ERROR TelemetrySend::_doPing - error making request to https://incoming.telemetry.mozilla.org/submit/telemetry/fa7ba372-096b-4c56-9271-1a475d1674dc/main/Zotero/4.0.29.10/release/20160511?v=4: timeout" {file: "resource://gre/modules/Log.jsm" line: 749}]

    [JavaScript Error: "1476800592920 Toolkit.Telemetry ERROR TelemetrySend::sendPersistedPings - failed to send ping fa7ba372-096b-4c56-9271-1a475d1674dc: {"isTrusted":true}" {file: "resource://gre/modules/Log.jsm" line: 749}]

    [JavaScript Error: "Error connecting to server. Check your Internet connection." {file: "chrome://zotero/content/xpcom/sync.js" line: 2595}]

    [JavaScript Error: "Error connecting to server. Check your Internet connection." {file: "chrome://zotero/content/xpcom/sync.js" line: 652}]

    version => 4.0.29.10, platform => Win32, oscpu => Windows NT 6.1; WOW64, locale => en-US, appName => Zotero, appVersion => 4.0.29.10

    (1)(+0133802): Error connecting to server. Check your Internet connection.

    (1)(+0000000): Error: Error connecting to server. Check your Internet connection.
    ===== Stack Trace =====
    Zotero.Sync.Runner</this.error@chrome://zotero/content/xpcom/sync.js:652:1
    Zotero.Sync.Runner</this.sync/<.onError@chrome://zotero/content/xpcom/sync.js:622:5
    _error@chrome://zotero/content/xpcom/sync.js:2604:3
    _checkResponse@chrome://zotero/content/xpcom/sync.js:2026:1
    Zotero.Sync.Server</login/<@chrome://zotero/content/xpcom/sync.js:1453:4
    _fulfilled@resource://zotero/q.js:887:54
    when/</<@resource://zotero/q.js:917:30
    makePromise/promise.promiseDispatch@resource://zotero/q.js:571:13
    defer/become/</<@resource://zotero/q.js:474:17
    onTick@resource://zotero/q.js:163:17
    setTimeout</setTimeout/<.notify@resource://zotero/q.js:78:7
    =======================
  • I have also tried copying over the entire certificate database (cert8.db) from Firefox
    I'm not sure if that will work, but if it does you'd probably want to copy key3.db and secmod.db too.
  • Thanks for the suggestion. Unfortunately, that didn't work either. Maybe my company is simply blocking the traffic? Who knows.
  • Technically you should get a different error for a certificate error, so I'd guess that it's just that your proxy settings aren't being used. Check if Firefox has proxy settings hard-coded or is set to use the system proxy settings. Zotero should pick up the latter automatically (though there are some configurations that could cause trouble), but for the former you'd have to apply the same settings via about:config in Zotero.
  • It should be using autodetect from system settings. This is the Firefox setting that works. I also tried both (1) entering the autoconf URL and (2) manually setting the http proxy URL. Both of those yielded the same result.
  • My comment here might be relevant. Firefox (and therefore Zotero) doesn't use proxy auto-detection when it's set to use system proxy settings. You should be able to configure this manually in about:config, though, so see the steps I list there to see if you're configuring this properly.
  • Excellent! That totally worked, Dan, thanks for the help!

    Since I had changed so many things trying to get this to work, I deleted my profile and started anew. The two things that made the sync work were:
    1) in about:config, change network.proxy.type = 4 to allow for proxy autodetection (which my network uses)
    2) Copy cert8.db from my Firefox profile (%AppData%/Mozilla/Firefox/Profiles/#######.default/cert8.db) to the Zotero profile (%AppData%/Zotero/Profiles/######.default/cert8.db). This was necessary because my company intercepts SSL traffic and re-encrypts with a custom certificate.

    Thanks again for all of the help!
Sign In or Register to comment.