diff --git a/doc-src/certinstall/firefox.html b/doc-src/certinstall/firefox.html index f661a619d..06a38e218 100644 --- a/doc-src/certinstall/firefox.html +++ b/doc-src/certinstall/firefox.html @@ -1,13 +1,15 @@ -### 1: Open preferences, click on "Advanced", then select"Encryption": +### 1. If needed, copy the ~/.mitmproxy/mitmproxy-ca-cert.pem file to the target. + +### 2: Open preferences, click on "Advanced", then select"Encryption": -### 2: Click "View Certificates", "Import", and select the certificate file: +### 3: Click "View Certificates", "Import", and select the certificate file: -### 3: Tick "Trust this CS to identify web sites", and click "Ok": +### 4: Tick "Trust this CS to identify web sites", and click "Ok": diff --git a/doc-src/certinstall/osx.html b/doc-src/certinstall/osx.html index bcb72f501..f0f34d247 100644 --- a/doc-src/certinstall/osx.html +++ b/doc-src/certinstall/osx.html @@ -2,11 +2,7 @@ ### 1: Open Finder, and double-click on the mitmproxy ca.pem file. -### 2: You will be prompted to add the certificate. Click "Add": - - - -### 3: Click "Always Trust": +### 2: You will be prompted to add the certificate. Click "Always Trust": diff --git a/doc-src/certinstall/windows7.html b/doc-src/certinstall/windows7.html index b8632d567..7e447b4e1 100644 --- a/doc-src/certinstall/windows7.html +++ b/doc-src/certinstall/windows7.html 
@@ -1,40 +1,19 @@ -The Windows certificate manager expects a different certificate format from the -one used by mitmproxy. The easiest way to convert the cert to the appropriate -format is to use the Firefox web browser. +These instructions were tested on Windows 7. +### 1: Copy the ~/.mitmproxy/mitmproxy-ca-cert.p12 file to the target system. -### 1: Make sure Firefox is installed on the system. +### 2: Double-click the certificate file. You should see a certificate import wizard: -### 2: Fire up mitmproxy on the interception host. - -### 3: Configure Firefox to use the mitmproxy interceptor. - -### 4: Using Firefox, browse to an SSL-protected domain. You will see a warning: - - -### 5: Click "I understand the risks" and "Add Exception": - - -### 6: Click "Get certificate", "View", and switch to the "Details" tab: - - -### 7: Click "Export", and save the certificate in "X.509 Certificate (PEM)" format: - - -### 8: Next, start a command prompt, and type "certmgr" to start the Certificate Manager: - - -### 9: From the top menu, select "Action", "All tasks", and then "Import": - - -### 10: Click "Next", and browse to select the cert we just exported from Firefox: - - -### 11: Click "Next", and "Finish" to complete the import. Accept all warning prompts. + +### 3: Click "Next" until you're prompted for the certificate store: + +### 4: Select "Place all certificates in the following store, and select "Trusted Root Certification Authorities": + +### 5: Click "Next" and "Finish". diff --git a/doc-src/screenshots/osx-addcert.png b/doc-src/screenshots/osx-addcert.png deleted file mode 100644 index 16dd02849..000000000 Binary files a/doc-src/screenshots/osx-addcert.png and /dev/null differ diff --git a/doc-src/screenshots/win7-certstore-trustedroot.png b/doc-src/screenshots/win7-certstore-trustedroot.png new file mode 100644 index 000000000..31073f0b1 Binary files /dev/null and b/doc-src/screenshots/win7-certstore-trustedroot.png differ 
diff --git a/doc-src/screenshots/win7-certstore.png b/doc-src/screenshots/win7-certstore.png new file mode 100644 index 000000000..11bd4540a Binary files /dev/null and b/doc-src/screenshots/win7-certstore.png differ diff --git a/doc-src/screenshots/win7-wizard.png b/doc-src/screenshots/win7-wizard.png new file mode 100644 index 000000000..5017f2c56 Binary files /dev/null and b/doc-src/screenshots/win7-wizard.png differ diff --git a/doc-src/ssl.html b/doc-src/ssl.html index eb68dc954..7df6771b0 100644 --- a/doc-src/ssl.html +++ b/doc-src/ssl.html @@ -2,15 +2,34 @@ SSL === -The first time __mitmproxy__ or __mitmdump__ is started, a dummy SSL -certificate authority is generated (the default location is -~/.mitmproxy/ca.pem). This dummy CA is used to generate dummy certificates for -SSL interception on-the-fly. Since your browser won't trust the __mitmproxy__ -dummy CA out of the box (and rightly so), so you will see an SSL cert warning -every time you visit a new SSL domain through __mitmproxy__. When you're -testing a single site, just accepting the bogus SSL cert manually is not too -much of a hassle, but there are a number of cases where you will want to -configure your testing system or browser to trust __mitmproxy__: +The first time __mitmproxy__ or __mitmdump__ is started, the following set of +certificate files for a dummy Certificate Authority are created in the config +directory (~/.mitmproxy by default): + +
mitmproxy-ca.pem | +The private key and certificate in PEM format. | +
mitmproxy-ca-cert.pem | +Just the certificate in PEM format. Use this to distribute to most + non-Windows platforms. | +
mitmproxy-ca-cert.p12 | +Just the certificate in PKCS12 format. For use on Windows. | +
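Review bot: in doc-src/certinstall/firefox.html the new first heading is written "### 1." with a period, while the renumbered headings keep the colon ("### 2:", "### 3:", "### 4:"); use the colon throughout. Since these headings are being touched anyway, also fix the missing space in select"Encryption" and check "Trust this CS", which looks like a typo for "CA". The new step says "to the target" where windows7.html says "to the target system"; pick one wording for both pages.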
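Review bot: in doc-src/certinstall/osx.html the unchanged step 1 still says "double-click on the mitmproxy ca.pem file", but ssl.html in this same patch renames the generated files to mitmproxy-ca.pem, mitmproxy-ca-cert.pem and mitmproxy-ca-cert.p12. Step 1 should name mitmproxy-ca-cert.pem explicitly, so a reader does not reach for mitmproxy-ca.pem, which ssl.html describes as containing the private key. A "copy the file to the target" step like the one added to firefox.html and windows7.html would also make the three pages consistent.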
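Review bot: in doc-src/certinstall/windows7.html the new step 4 has an unbalanced quote: Select "Place all certificates in the following store, and select "Trusted Root Certification Authorities" needs a closing quote after "store". The removed step 11 ended with "Accept all warning prompts", and the new step 5 only says Click "Next" and "Finish"; if the wizard still shows a security warning when a certificate is added to the Trusted Root store, keep that sentence so the reader expects it.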
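Review bot: in doc-src/ssl.html the table row for mitmproxy-ca.pem says only "The private key and certificate in PEM format"; it should state that this file stays on the interception host and that only the two -cert files are meant for distribution, because anyone holding that key can issue certificates that every system trusting this CA will accept. The removed text gave the default location as ~/.mitmproxy/ca.pem, so add a sentence on what happens to an existing ca.pem and to clients that already trust it. Minor: "the following set of certificate files ... are created" should be "is created".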