New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow configuring certain CA details, fixes #5386 #5441
base: main
Are you sure you want to change the base?
Conversation
<li><code>sudo update-ca-certificates</code></li> | ||
</ol> | ||
{% endcall %} | ||
{% call entry('macOS', 'apple') %} | ||
<h5>Manual Installation</h5> | ||
<ol> | ||
<li>Double-click the PEM file to open the <samp>Keychain Access</samp> application.</li> | ||
<li>Locate the new certificate "mitmproxy" in the list and double-click it.</li> | ||
<li>Locate the new certificate "{{ ca_basename }}" in the list and double-click it.</li> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it actually the basename that is displayed there?
@@ -70,14 +70,14 @@ <h5>iOS 13+</h5> | |||
<li>Use Safari to download the certificate. Other browsers may not open the proper installation prompt.</li> | |||
<li>Install the new Profile (<samp>Settings -> General -> VPN & Device Management</samp>).</li> | |||
<li><span class="text-danger"><strong>Important:</strong> Go to <samp>Settings -> General -> About -> Certificate Trust Settings</samp>. | |||
Toggle <samp>mitmproxy</samp> to <samp>ON</samp>.</span></li> | |||
Toggle <samp>{{ ca_basename }}</samp> to <samp>ON</samp>.</span></li> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it actually the basename that is displayed there?
+1 |
@roniemartinez I'm curious about your use-case |
@Prinzhorn When distributing an app that uses |
@roniemartinez: Out of curiosity, could you provide some details on your app? :) |
@mhils Sorry but cannot disclose at this moment. |
Instead of these options, would it not be better to document how to create our own CA toward the bottom of the page on certs: |
I would prefer to have this integrated, since generating the cert is only 50% of what needs to be done. E.g. I still want the
No, see #5386 (comment) . We don't want to make it trivial to hide the fact that mitmproxy is intercepting the connection. |
Description
So how would I test the "via mitmproxy" part?
Two notes:
ctx
and have it still work but with the default "mitmproxy"?mitmproxy/mitmproxy/addons/tlsconfig.py
Lines 301 to 303 in af5be0b
Checklist