如何在 Arch Linux 上配置 mimproxy 证书?

如何在 Arch Linux 上配置 mimproxy 证书?

配置证书的步骤是怎样的米特普罗西在 Arch Linux 上?

在浏览器中打开 mitm.it 时,它会显示以下适用于 Linux 的步骤,但它们是 Ubuntu/Debian 特定的:

mv mitmproxy-ca-cert.pem /usr/local/share/ca-certificates/mitmproxy.crt
sudo update-ca-certificates

我找到了 Arch Linux 的食谱这里:

After installing mitmproxy run it (just type mitmproxy) in a terminal session and quit.
This will create the necessaries certificates files at ~/.mitmproxy.

Extract the certificate to .crt format:
openssl x509 -in ~/.mitmproxy/mitmproxy-ca.pem -inform PEM -out ca.crt

Trust the certificate into CA:
sudo trust anchor ca.crt

Run the mitmproxy again

Open another terminal session and set the proxy:

export http_proxy='http://localhost:8080'
export https_proxy='http://localhost:8080'

Run a curl to an https site and it should work:
curl https://www.google.com

在运行之前,我想检查一下该方法是否合理。我也很好奇如何恢复更改。一旦不再需要 mitmproxy 证书,有没有办法“不信任”它?或者将其保留安装是否安全?

答案1

是的,这个方法很好。事实上,你甚至不需要转换证书,直接使用即可~/.mitmproxy/mitmproxy-ca-cert.cer

要不信任证书,请参阅以下说明man trust

ANCHOR
       Store or remove trust anchors.

           $ trust anchor /path/to/certificate.crt
           $ trust anchor --remove /path/to/certificate.crt
           $ trust anchor --remove "pkcs11:id=%AA%BB%CC%DD%EE;type=cert"

       Store or remove trust anchors in the trust policy store. These are usually root certificate authorities.

       Specify either the --store or --remove operations. If no operation is specified then --store is assumed.

相关内容