配置证书的步骤是怎样的米特普罗西在 Arch Linux 上?
在浏览器中打开 mitm.it 时,它会显示以下适用于 Linux 的步骤,但它们是 Ubuntu/Debian 特定的:
mv mitmproxy-ca-cert.pem /usr/local/share/ca-certificates/mitmproxy.crt
sudo update-ca-certificates
我找到了 Arch Linux 的食谱这里:
After installing mitmproxy run it (just type mitmproxy) in a terminal session and quit.
This will create the necessaries certificates files at ~/.mitmproxy.
Extract the certificate to .crt format:
openssl x509 -in ~/.mitmproxy/mitmproxy-ca.pem -inform PEM -out ca.crt
Trust the certificate into CA:
sudo trust anchor ca.crt
Run the mitmproxy again
Open another terminal session and set the proxy:
export http_proxy='http://localhost:8080'
export https_proxy='http://localhost:8080'
Run a curl to an https site and it should work:
curl https://www.google.com
在运行之前,我想检查一下该方法是否合理。我也很好奇如何恢复更改。一旦不再需要 mitmproxy 证书,有没有办法“不信任”它?或者将其保留安装是否安全?
答案1
是的,这个方法很好。事实上,你甚至不需要转换证书,直接使用即可~/.mitmproxy/mitmproxy-ca-cert.cer
。
要不信任证书,请参阅以下说明man trust
:
ANCHOR
Store or remove trust anchors.
$ trust anchor /path/to/certificate.crt
$ trust anchor --remove /path/to/certificate.crt
$ trust anchor --remove "pkcs11:id=%AA%BB%CC%DD%EE;type=cert"
Store or remove trust anchors in the trust policy store. These are usually root certificate authorities.
Specify either the --store or --remove operations. If no operation is specified then --store is assumed.