Charles CA user certificate with no password

I use the excellent Charles proxy to simplify web debugging. I use the SSL proxy capabilities and have installed the general CA certificate that it belongs to. Although this works, it is unsafe because, as long as my browser trusts this certificate, I am vulnerable to a MIM attack.

To fix this, I am trying to use OpenSSL to create a "Custom CA Certificate", as Charles allows. These are the steps:

NAME=daaku-ca
openssl genrsa -out $NAME.key 1024
openssl req -new -key $NAME.key -out $NAME.csr
openssl x509 -days 3650 -signkey $NAME.key -in $NAME.csr -req -out $NAME.crt
openssl pkcs12 -export -out $NAME.pfx -inkey $NAME.key -in $NAME.crt

Following these steps, I get $NAME.crt signed by the root certificate, which I successfully imported into my Mac OS X keychain. And although $NAME.pfx works in Charles and is used correctly if I enter the password for it, it does not work if there is no password.

My question is how to create a certificate that works in Charles and does not need a password.

+6
2 answers

I wrote about how to use a custom SSL certificate with Charles, and in the last section I look at the problem of having to enter a password every time Charles starts.

http://codeblog.shape.dk/blog/2014/01/06/custom-ssl-certificate-with-charles-web-proxy/

+5

Since Charles 3.10 came out, this is no longer a problem, since each installation generates its own certificate. Therefore, even if you trust the certificate created by Charles, you will not be susceptible to MIM attacks by other users of Charles.

From the version 3.10 release notes:

Version 3.10 March 21, 2015

Major new features, improvements and bug fixes.

SSL Changes

Changing the SSL certificate to create a unique certificate for each Charles installation (see SSL Proxying in the Help menu). SSL Proxying now has its own settings menu item in the Proxy Menu. Please note that these changes will affect how you currently use Charles for SSL Proxying. You will need to install and trust a new certificate, which will be automatically generated for you. You can install this certificate on your computer using the "Help" menu, in the "SSL Proxying" section. You can also export the certificate, send it to other systems, or download the certificate for installation on mobile devices such as iPhones.

+1
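
One way to generate a per-machine CA for Charles's "Custom CA Certificate" setting, as the question sets out to do, with the CA extensions set explicitly and a 2048-bit key, plus the checks worth running before trusting it: the CA flag, the SHA-256 fingerprint to compare with the entry in the keychain, and the PFX passphrase. This is an added example, not code from the question or the answers; it assumes an OpenSSL or LibreSSL command line, and the function names, subject and passphrase are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes an OpenSSL or LibreSSL
# CLI on PATH; the CA name and passphrase used below are constructed.

# make_ca DIR NAME PASSPHRASE: write NAME.key, NAME.crt and NAME.pfx into DIR.
make_ca() (
    dir=$1 name=$2
    umask 077                      # key and PFX readable by the owner only
    cat > "$dir/$name.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $name local debugging CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$dir/$name.cnf" \
        -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null &&
    PFX_PASS=$3 openssl pkcs12 -export -passout env:PFX_PASS \
        -inkey "$dir/$name.key" -in "$dir/$name.crt" -out "$dir/$name.pfx"
)

# is_ca CRT: succeed only if the certificate carries CA:TRUE.
is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

# fingerprint CRT: SHA-256 fingerprint to compare with the trusted root entry.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# pfx_opens PFX PASSPHRASE: succeed only if the passphrase verifies the PFX MAC.
pfx_opens() {
    PFX_PASS=$2 openssl pkcs12 -in "$1" -passin env:PFX_PASS -noout \
        </dev/null >/dev/null 2>&1
}

# Demo run in a throwaway directory.
work=$(mktemp -d)
if make_ca "$work" daaku-ca 'constructed-passphrase' && is_ca "$work/daaku-ca.crt"; then
    fingerprint "$work/daaku-ca.crt"
    pfx_opens "$work/daaku-ca.pfx" 'constructed-passphrase' && echo "PFX opens with passphrase"
    pfx_opens "$work/daaku-ca.pfx" 'wrong' || echo "PFX rejects wrong passphrase"
fi
rm -rf "$work"
```

The private key never leaves the machine that generated it, so only the root whose fingerprint matches this output should be marked as trusted in the keychain.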

Source: https://habr.com/ru/post/895473/

