diff options
| author | Maximilian Hils <git@maximilianhils.com> | 2014-01-22 16:01:31 +0100 |
|---|---|---|
| committer | Maximilian Hils <git@maximilianhils.com> | 2014-01-22 16:01:31 +0100 |
| commit | 94e530ec4fe4378f89eea44796f31847da52ddf2 (patch) | |
| tree | e8f30dc5fefd0654e4d700a01e4364f0ea25b8a0 /doc-src/ssl.html | |
| parent | 1786d778194b543ae77468a716c9e15caf247180 (diff) | |
| parent | 9044b8b8f534debf84de553bf1e57cd91a08ee91 (diff) | |
| download | mitmproxy-94e530ec4fe4378f89eea44796f31847da52ddf2.tar.gz mitmproxy-94e530ec4fe4378f89eea44796f31847da52ddf2.tar.bz2 mitmproxy-94e530ec4fe4378f89eea44796f31847da52ddf2.zip | |
merge master
Diffstat (limited to 'doc-src/ssl.html')
| -rw-r--r-- | doc-src/ssl.html | 63 |
1 files changed, 0 insertions, 63 deletions
diff --git a/doc-src/ssl.html b/doc-src/ssl.html deleted file mode 100644 index c904cf61..00000000 --- a/doc-src/ssl.html +++ /dev/null @@ -1,63 +0,0 @@ - -The first time __mitmproxy__ or __mitmdump__ is run, a set of certificate files -for the mitmproxy Certificate Authority are created in the config directory -(~/.mitmproxy by default). The files are as follows: - -<table class="table"> - <tr> - <td class="nowrap">mitmproxy-ca.pem</td> - <td>The private key and certificate in PEM format.</td> - </tr> - <tr> - <td class="nowrap">mitmproxy-ca-cert.pem</td> - <td>The certificate in PEM format. Use this to distribute to most - non-Windows platforms.</td> - </tr> - <tr> - <td class="nowrap">mitmproxy-ca-cert.p12</td> - <td>The certificate in PKCS12 format. For use on Windows.</td> - </tr> - <tr> - <td class="nowrap">mitmproxy-ca-cert.cer</td> - <td>Same file as .pem, but with an extension expected by some Android - devices.</td> - </tr> -</table> - -This CA is used for on-the-fly generation of dummy certificates for SSL -interception. Since your browser won't trust the __mitmproxy__ CA out of the -box (and rightly so), you will see an SSL cert warning every time you visit a -new SSL domain through __mitmproxy__. When you're testing a single site through -a browser, just accepting the bogus SSL cert manually is not too much trouble, -but there are a many circumstances where you will want to configure your -testing system or browser to trust the __mitmproxy__ CA as a signing root -authority. - - -Using a custom certificate --------------------------- - -You can use your own certificate by passing the __--cert__ option to mitmproxy. - -The certificate file is expected to be in the PEM format. You can generate -a certificate in this format using these instructions: - -<pre class="terminal"> -> openssl genrsa -out cert.key 8192 -> openssl req -new -x509 -key cert.key -out cert.crt - (Specify the mitm domain as Common Name, e.g. *.google.com) -> cat cert.key cert.crt > cert.pem -> mitmproxy --cert=cert.pem -</pre> - - -Installing the mitmproxy CA ---------------------------- - -* [Firefox](@!urlTo("certinstall/firefox.html")!@) -* [OSX](@!urlTo("certinstall/osx.html")!@) -* [Windows 7](@!urlTo("certinstall/windows7.html")!@) -* [iPhone/iPad](@!urlTo("certinstall/ios.html")!@) -* [IOS Simulator](@!urlTo("certinstall/ios-simulator.html")!@) -* [Android](@!urlTo("certinstall/android.html")!@) - |