mitmproxy/doc-src/ssl.html


SSL
===

The first time __mitmproxy__ or __mitmdump__ is started, the following set of
certificate files for a dummy Certificate Authority are created in the config
directory (~/.mitmproxy by default): 

<table>
    <tr>
        <td>mitmproxy-ca.pem</td>
        <td>The private key and certificate in PEM format.</td>
    </tr>
    <tr>
        <td>mitmproxy-ca-cert.pem</td>
        <td>Just the certificate in PEM format. Use this to distribute to most
        non-Windows platforms.</td>
    </tr>
    <tr>
        <td>mitmproxy-ca-cert.p12</td>
        <td>Just the certificate in PKCS12 format. For use on Windows.</td>
    </tr>
</table>
    
This dummy CA is used for on-the-fly generation of
dummy certificates for SSL interception. Since your browser won't trust the
__mitmproxy__ dummy CA out of the box (and rightly so), so you will see an SSL
cert warning every time you visit a new SSL domain through __mitmproxy__. When
you're testing a single site through a browser, just accepting the bogus SSL
cert manually is not too much of a hassle, but there are a number of cases
where you will want to configure your testing system or browser to trust the
__mitmproxy__ CA as a signing root authority:

- If you are testing non-browser software that checks SSL cert validiy.
- You are testing an app that makes non-interactive (JSONP, script src, etc.)
requests to SSL resources. Another workaround in this case is to manually visit
the page through the browser, and add a certificate exception.
- You just don't want to deal with the hassle of continuously adding cert
exceptions.


Installing the mitmproxy CA
===========================


* Browser certificate installation: 
    * [Firefox](@!urlTo("certinstall/firefox.html")!@)
    * [Safari](@!urlTo("certinstall/safari.html")!@)
    * [Internet Explorer](@!urlTo("certinstall/ie.html")!@)
* System-wide certificate installation:
    * [OSX](@!urlTo("certinstall/osx.html")!@)
    * [Windows 7](@!urlTo("certinstall/windows7.html")!@)
    * [iPhone/iPad](@!urlTo("certinstall/ios.html")!@)
Stub out doc structure, add screenshots for configuring certs in Firefox. 2011-02-19 06:43:44 +00:00
Begin to flesh out and refactor docs. 2011-03-15 22:09:10 +00:00			`SSL`
			`===`

Docs. 2011-03-18 04:53:00 +00:00			`The first time __mitmproxy__ or __mitmdump__ is started, the following set of`
			`certificate files for a dummy Certificate Authority are created in the config`
			`directory (~/.mitmproxy by default):`

			`<table>`
			`<tr>`
			`<td>mitmproxy-ca.pem</td>`
			`<td>The private key and certificate in PEM format.</td>`
			`</tr>`
			`<tr>`
			`<td>mitmproxy-ca-cert.pem</td>`
			`<td>Just the certificate in PEM format. Use this to distribute to most`
			`non-Windows platforms.</td>`
			`</tr>`
			`<tr>`
			`<td>mitmproxy-ca-cert.p12</td>`
			`<td>Just the certificate in PKCS12 format. For use on Windows.</td>`
			`</tr>`
			`</table>`

			`This dummy CA is used for on-the-fly generation of`
			`dummy certificates for SSL interception. Since your browser won't trust the`
			`__mitmproxy__ dummy CA out of the box (and rightly so), so you will see an SSL`
			`cert warning every time you visit a new SSL domain through __mitmproxy__. When`
			`you're testing a single site through a browser, just accepting the bogus SSL`
			`cert manually is not too much of a hassle, but there are a number of cases`
			`where you will want to configure your testing system or browser to trust the`
			`__mitmproxy__ CA as a signing root authority:`
Begin to flesh out and refactor docs. 2011-03-15 22:09:10 +00:00
			`- If you are testing non-browser software that checks SSL cert validiy.`
			`- You are testing an app that makes non-interactive (JSONP, script src, etc.)`
			`requests to SSL resources. Another workaround in this case is to manually visit`
			`the page through the browser, and add a certificate exception.`
			`- You just don't want to deal with the hassle of continuously adding cert`
			`exceptions.`


			`Installing the mitmproxy CA`
			`===========================`

Docs, minor cert tweaks. 2011-03-17 20:04:49 +00:00
Begin to flesh out and refactor docs. 2011-03-15 22:09:10 +00:00			`* Browser certificate installation:`
Docs, minor cert tweaks. 2011-03-17 20:04:49 +00:00			`* [Firefox](@!urlTo("certinstall/firefox.html")!@)`
			`* [Safari](@!urlTo("certinstall/safari.html")!@)`
			`* [Internet Explorer](@!urlTo("certinstall/ie.html")!@)`
Begin to flesh out and refactor docs. 2011-03-15 22:09:10 +00:00			`* System-wide certificate installation:`
Docs, minor cert tweaks. 2011-03-17 20:04:49 +00:00			`* [OSX](@!urlTo("certinstall/osx.html")!@)`
			`* [Windows 7](@!urlTo("certinstall/windows7.html")!@)`
			`* [iPhone/iPad](@!urlTo("certinstall/ios.html")!@)`