diff options
author | Maximilian Hils <git@maximilianhils.com> | 2015-12-29 17:51:11 +0100 |
---|---|---|
committer | Maximilian Hils <git@maximilianhils.com> | 2015-12-29 17:51:11 +0100 |
commit | 7b093b46b6a8ce98fe3d55de81d9305d966dfcbf (patch) | |
tree | 6cfb22f7f433b5b4af4079e2e6724f6730ebceb0 /docs | |
parent | 6391b05ef1b92585765eb77e352921ec61b65020 (diff) | |
parent | 09168e1274b0e33448811c39efa3fbdd2aeff756 (diff) | |
download | mitmproxy-7b093b46b6a8ce98fe3d55de81d9305d966dfcbf.tar.gz mitmproxy-7b093b46b6a8ce98fe3d55de81d9305d966dfcbf.tar.bz2 mitmproxy-7b093b46b6a8ce98fe3d55de81d9305d966dfcbf.zip |
Merge pull request #870 from bazzinotti/master
[docs/libmproxy/test] Support single client-side cert file
Diffstat (limited to 'docs')
-rw-r--r-- | docs/certinstall.rst | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/docs/certinstall.rst b/docs/certinstall.rst index 5ec7b7ce..5a8cce64 100644 --- a/docs/certinstall.rst +++ b/docs/certinstall.rst @@ -175,10 +175,21 @@ no such file exists, it will be generated automatically. Using a client side certificate ------------------------------- -You can use a client certificate by passing the ``--client-certs DIRECTORY`` option to mitmproxy. +You can use a client certificate by passing the ``--client-certs DIRECTORY|FILE`` +option to mitmproxy. Using a directory allows certs to be selected based on +hostname, while using a filename allows a single specific certificate to be used for +all SSL connections. Certificate files must be in the PEM format and should +contain both the unencrypted private key and the certificate. + +Multiple certs by Hostname +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If you've specified a directory to ``--client-certs``, then the following +behavior will be taken: + If you visit example.org, mitmproxy looks for a file named ``example.org.pem`` in the specified -directory and uses this as the client cert. The certificate file needs to be in the PEM format and -should contain both the unencrypted private key and the certificate. +directory and uses this as the client cert. + .. _Certificate Pinning: http://security.stackexchange.com/questions/29988/what-is-certificate-pinning/
\ No newline at end of file |