diff options
| author | Marcelo Glezer <mg@tekii.com.ar> | 2014-12-11 14:54:14 -0300 |
|---|---|---|
| committer | Marcelo Glezer <mg@tekii.com.ar> | 2014-12-11 14:54:14 -0300 |
| commit | 4952643a0d76eb1e9bd51cbbe95c565ae48b97a2 (patch) | |
| tree | f43fc647bdfabb522bdef32e21ea4a36404cc311 /doc-src/ssl.html | |
| parent | 83b1d4e0e0490e5be05943da459c925a3ee3ff14 (diff) | |
| parent | ffb95a1db742d71d7671f9e9c6db552774bb0ead (diff) | |
| download | mitmproxy-4952643a0d76eb1e9bd51cbbe95c565ae48b97a2.tar.gz mitmproxy-4952643a0d76eb1e9bd51cbbe95c565ae48b97a2.tar.bz2 mitmproxy-4952643a0d76eb1e9bd51cbbe95c565ae48b97a2.zip | |
Merge remote-tracking branch 'base/master'
Diffstat (limited to 'doc-src/ssl.html')
| -rw-r--r-- | doc-src/ssl.html | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/doc-src/ssl.html b/doc-src/ssl.html index 91225d79..3fa0e070 100644 --- a/doc-src/ssl.html +++ b/doc-src/ssl.html @@ -41,10 +41,26 @@ The files created by mitmproxy in the .mitmproxy directory are as follows: Using a custom certificate -------------------------- -You can use your own certificate by passing the __--cert__ option to mitmproxy. +You can use your own certificate by passing the <kbd>--cert</kbd> option to mitmproxy. mitmproxy then uses the provided +certificate for interception of the specified domains instead of generating a cert signed by its own CA. -The certificate file is expected to be in the PEM format. You can generate -a certificate in this format using these instructions: +The certificate file is expected to be in the PEM format. +You can include intermediary certificates right below your leaf certificate, so that you PEM file roughly looks like +this: + +<pre> +-----BEGIN PRIVATE KEY----- +<private key> +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +<cert> +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +<intermediary cert (optional)> +-----END CERTIFICATE----- +</pre> + +For example, you can generate a certificate in this format using these instructions: <pre class="terminal"> > openssl genrsa -out cert.key 8192 @@ -55,6 +71,15 @@ a certificate in this format using these instructions: </pre> +Using a custom certificate authority +------------------------------------ + +By default, mitmproxy will (generate and) use <samp>~/.mitmproxy/mitmproxy-ca.pem</samp> as the default certificate +authority to generate certificates for all domains for which no custom certificate is provided (see above). +You can use your own certificate authority by passing the <kbd>--confdir</kbd> option to mitmproxy. +mitmproxy will then look for <samp>mitmproxy-ca.pem</samp> in the specified directory. If no such file exists, +it will be generated automatically. + Installing the mitmproxy CA --------------------------- |