From 35a952ef3c8a498d67345b61d714fa3aa23cef4a Mon Sep 17 00:00:00 2001
From: Aldo Cortesi <aldo@nullcube.com>
Date: Fri, 18 Mar 2011 17:53:00 +1300
Subject: Docs.

---
 doc-src/ssl.html | 37 ++++++++++++++++++++++++++++---------
 1 file changed, 28 insertions(+), 9 deletions(-)

(limited to 'doc-src/ssl.html')
diff --git a/doc-src/ssl.html b/doc-src/ssl.html
index eb68dc95..7df6771b 100644
--- a/doc-src/ssl.html
+++ b/doc-src/ssl.html
@@ -2,15 +2,34 @@
 SSL
 ===
 
-The first time __mitmproxy__ or __mitmdump__ is started, a dummy SSL
-certificate authority is generated (the default location is
-~/.mitmproxy/ca.pem). This dummy CA is used to generate dummy certificates for
-SSL interception on-the-fly. Since your browser won't trust the __mitmproxy__
-dummy CA out of the box (and rightly so), so you will see an SSL cert warning
-every time you visit a new SSL domain through __mitmproxy__. When you're
-testing a single site, just accepting the bogus SSL cert manually is not too
-much of a hassle, but there are a number of cases where you will want to
-configure your testing system or browser to trust __mitmproxy__:
+The first time __mitmproxy__ or __mitmdump__ is started, the following set of
+certificate files for a dummy Certificate Authority are created in the config
+directory (~/.mitmproxy by default): 
+
+<table>
+    <tr>
+        <td>mitmproxy-ca.pem</td>
+        <td>The private key and certificate in PEM format.</td>
+    </tr>
+    <tr>
+        <td>mitmproxy-ca-cert.pem</td>
+        <td>Just the certificate in PEM format. Use this to distribute to most
+        non-Windows platforms.</td>
+    </tr>
+    <tr>
+        <td>mitmproxy-ca-cert.p12</td>
+        <td>Just the certificate in PKCS12 format. For use on Windows.</td>
+    </tr>
+</table>
+    
+This dummy CA is used for on-the-fly generation of
+dummy certificates for SSL interception. Since your browser won't trust the
+__mitmproxy__ dummy CA out of the box (and rightly so), so you will see an SSL
+cert warning every time you visit a new SSL domain through __mitmproxy__. When
+you're testing a single site through a browser, just accepting the bogus SSL
+cert manually is not too much of a hassle, but there are a number of cases
+where you will want to configure your testing system or browser to trust the
+__mitmproxy__ CA as a signing root authority:
 
 - If you are testing non-browser software that checks SSL cert validiy.
 - You are testing an app that makes non-interactive (JSONP, script src, etc.)
-- 
cgit v1.2.3


mitmproxy-ca.pem	The private key and certificate in PEM format.
mitmproxy-ca-cert.pem	Just the certificate in PEM format. Use this to distribute to most + non-Windows platforms.
mitmproxy-ca-cert.p12	Just the certificate in PKCS12 format. For use on Windows.