aboutsummaryrefslogtreecommitdiffstats
path: root/doc-src/ssl.html
diff options
context:
space:
mode:
Diffstat (limited to 'doc-src/ssl.html')
-rw-r--r--doc-src/ssl.html37
1 files changed, 28 insertions, 9 deletions
diff --git a/doc-src/ssl.html b/doc-src/ssl.html
index eb68dc95..7df6771b 100644
--- a/doc-src/ssl.html
+++ b/doc-src/ssl.html
@@ -2,15 +2,34 @@
SSL
===
-The first time __mitmproxy__ or __mitmdump__ is started, a dummy SSL
-certificate authority is generated (the default location is
-~/.mitmproxy/ca.pem). This dummy CA is used to generate dummy certificates for
-SSL interception on-the-fly. Since your browser won't trust the __mitmproxy__
-dummy CA out of the box (and rightly so), so you will see an SSL cert warning
-every time you visit a new SSL domain through __mitmproxy__. When you're
-testing a single site, just accepting the bogus SSL cert manually is not too
-much of a hassle, but there are a number of cases where you will want to
-configure your testing system or browser to trust __mitmproxy__:
+The first time __mitmproxy__ or __mitmdump__ is started, the following set of
+certificate files for a dummy Certificate Authority are created in the config
+directory (~/.mitmproxy by default):
+
+<table>
+ <tr>
+ <td>mitmproxy-ca.pem</td>
+ <td>The private key and certificate in PEM format.</td>
+ </tr>
+ <tr>
+ <td>mitmproxy-ca-cert.pem</td>
+ <td>Just the certificate in PEM format. Use this to distribute to most
+ non-Windows platforms.</td>
+ </tr>
+ <tr>
+ <td>mitmproxy-ca-cert.p12</td>
+ <td>Just the certificate in PKCS12 format. For use on Windows.</td>
+ </tr>
+</table>
+
+This dummy CA is used for on-the-fly generation of
+dummy certificates for SSL interception. Since your browser won't trust the
+__mitmproxy__ dummy CA out of the box (and rightly so), so you will see an SSL
+cert warning every time you visit a new SSL domain through __mitmproxy__. When
+you're testing a single site through a browser, just accepting the bogus SSL
+cert manually is not too much of a hassle, but there are a number of cases
+where you will want to configure your testing system or browser to trust the
+__mitmproxy__ CA as a signing root authority:
- If you are testing non-browser software that checks SSL cert validiy.
- You are testing an app that makes non-interactive (JSONP, script src, etc.)
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-26 19:40:55 +0000