Docs.

2024-11-26 10:16:27 +00:00 · 2011-03-18 17:53:00 +13:00 · 2011-03-18 17:53:00 +13:00 · 35a952ef3c
commit 35a952ef3c
parent e22fd74d06
8 changed files with 43 additions and 47 deletions
--- a/doc-src/certinstall/firefox.html
+++ b/doc-src/certinstall/firefox.html
@ -1,13 +1,15 @@

-### 1: Open preferences, click on "Advanced", then select"Encryption":
+### 1. If needed, copy the ~/.mitmproxy/mitmproxy-ca-cert.pem file to the target.
+
+### 2: Open preferences, click on "Advanced", then select"Encryption":

 <img src="@!urlTo('firefox3.jpg')!@"/>

-### 2: Click "View Certificates", "Import", and select the certificate file: 
+### 3: Click "View Certificates", "Import", and select the certificate file: 

 <img src="@!urlTo('firefox3-import.jpg')!@"/>

-### 3: Tick "Trust this CS to identify web sites", and click "Ok":
+### 4: Tick "Trust this CS to identify web sites", and click "Ok":

 <img src="@!urlTo('firefox3-trust.jpg')!@"/>

--- a/doc-src/certinstall/osx.html
+++ b/doc-src/certinstall/osx.html
@ -2,11 +2,7 @@
 ### 1: Open Finder, and double-click on the mitmproxy ca.pem file.


-### 2: You will be prompted to add the certificate. Click "Add": 
-
-<img src="@!urlTo('osx-addcert.png')!@"/>
-
-### 3: Click "Always Trust": 
+### 2: You will be prompted to add the certificate. Click "Always Trust": 

 <img src="@!urlTo('osx-addcert-alwaystrust.png')!@"/>

--- a/doc-src/certinstall/windows7.html
+++ b/doc-src/certinstall/windows7.html
@ -1,40 +1,19 @@

-The Windows certificate manager expects a different certificate format from the
-one used by mitmproxy. The easiest way to convert the cert to the appropriate
-format is to use the Firefox web browser.
+These instructions were tested on Windows 7. 

+### 1: Copy the ~/.mitmproxy/mitmproxy-ca-cert.p12 file to the target system.

-### 1: Make sure Firefox is installed on the system.
+### 2: Double-click the certificate file. You should see a certificate import wizard:

-### 2: Fire up mitmproxy on the interception host. 
-
-### 3: Configure Firefox to use the mitmproxy interceptor.
-
-### 4: Using Firefox, browse to an SSL-protected domain. You will see a warning: 
-
-
-### 5: Click "I understand the risks" and "Add Exception":
-
-
-### 6: Click "Get certificate", "View", and switch to the "Details" tab:
-
-
-### 7: Click "Export", and save the certificate in "X.509 Certificate (PEM)" format:
-
-
-### 8: Next, start a command prompt, and type "certmgr" to start the Certificate Manager:
-
-
-### 9: From the top menu, select "Action", "All tasks", and then "Import":
-
-
-### 10: Click "Next", and browse to select the cert we just exported from Firefox:
-
-
-### 11: Click "Next", and "Finish" to complete the import. Accept all warning prompts.
+<img src="@!urlTo('win7-wizard.png')!@"/>

+### 3: Click "Next" until you're prompted for the certificate store:

+<img src="@!urlTo('win7-certstore.png')!@"/>

+### 4: Select "Place all certificates in the following store, and select "Trusted Root Certification Authorities":

+<img src="@!urlTo('win7-certstore-trustedroot.png')!@"/>

+### 5: Click "Next" and "Finish". 

--- a/doc-src/screenshots/osx-addcert.png
+++ b/doc-src/screenshots/osx-addcert.png
--- a/doc-src/screenshots/win7-certstore-trustedroot.png
+++ b/doc-src/screenshots/win7-certstore-trustedroot.png
--- a/doc-src/screenshots/win7-certstore.png
+++ b/doc-src/screenshots/win7-certstore.png
--- a/doc-src/screenshots/win7-wizard.png
+++ b/doc-src/screenshots/win7-wizard.png
--- a/doc-src/ssl.html
+++ b/doc-src/ssl.html
@ -2,15 +2,34 @@
 SSL
 ===

-The first time __mitmproxy__ or __mitmdump__ is started, a dummy SSL
-certificate authority is generated (the default location is
-~/.mitmproxy/ca.pem). This dummy CA is used to generate dummy certificates for
-SSL interception on-the-fly. Since your browser won't trust the __mitmproxy__
-dummy CA out of the box (and rightly so), so you will see an SSL cert warning
-every time you visit a new SSL domain through __mitmproxy__. When you're
-testing a single site, just accepting the bogus SSL cert manually is not too
-much of a hassle, but there are a number of cases where you will want to
-configure your testing system or browser to trust __mitmproxy__:
+The first time __mitmproxy__ or __mitmdump__ is started, the following set of
+certificate files for a dummy Certificate Authority are created in the config
+directory (~/.mitmproxy by default): 
+
+<table>
+    <tr>
+        <td>mitmproxy-ca.pem</td>
+        <td>The private key and certificate in PEM format.</td>
+    </tr>
+    <tr>
+        <td>mitmproxy-ca-cert.pem</td>
+        <td>Just the certificate in PEM format. Use this to distribute to most
+        non-Windows platforms.</td>
+    </tr>
+    <tr>
+        <td>mitmproxy-ca-cert.p12</td>
+        <td>Just the certificate in PKCS12 format. For use on Windows.</td>
+    </tr>
+</table>
+    
+This dummy CA is used for on-the-fly generation of
+dummy certificates for SSL interception. Since your browser won't trust the
+__mitmproxy__ dummy CA out of the box (and rightly so), so you will see an SSL
+cert warning every time you visit a new SSL domain through __mitmproxy__. When
+you're testing a single site through a browser, just accepting the bogus SSL
+cert manually is not too much of a hassle, but there are a number of cases
+where you will want to configure your testing system or browser to trust the
+__mitmproxy__ CA as a signing root authority:

 - If you are testing non-browser software that checks SSL cert validiy.
 - You are testing an app that makes non-interactive (JSONP, script src, etc.)