问题描述
我正在使用优秀的代理,使Web调试更容易。我正在使用它的SSL代理功能,并已安装了捆绑在一起虽然这是有效的,但它是不安全的,因为只要我的浏览器信任这个证书,我很容易受到MIM攻击。
I'm using the excellent Charles proxy to make web debugging easier. I'm using it's SSL proxying abilities, and have installed the generic CA Certificate that it comes bundled with. While this works, it's insecure because as long as my browser trusts this certificate, I am vulnerable to a MIM attack.
我试图使用OpenSSL创建一个自定义CA证书,因为Charles允许解决这个问题。以下是我遵循的步骤:
I'm trying to use OpenSSL to create a "Custom CA Certificate" since Charles allows to fix this. These are the steps I'm following:
NAME=daaku-ca
openssl genrsa -out $NAME.key 1024
openssl req -new -key $NAME.key -out $NAME.csr
openssl x509 -days 3650 -signkey $NAME.key -in $NAME.csr -req -out $NAME.crt
openssl pkcs12 -export -out $NAME.pfx -inkey $NAME.key -in $NAME.crt
按照以下步骤,我最终得到我已成功导入到我的Mac OS X中的自签名根证书 $ NAME.crt
钥匙扣而查尔斯的 $ NAME.pfx
,如果我输入密码正确使用,则如果没有密码,则不起作用。
Following these steps I end up with a Self signed root certificate $NAME.crt
that I successfully imported into my Mac OS X keychain. And while the $NAME.pfx
in Charles works and is being correctly used if I enter a password for it, it does not work if there's no password.
我的问题是如何生成在Charles中工作但不需要密码的证书。
My question is how do I generate a certificate that works in Charles and does not need a password.
推荐答案
我发表了关于如何使用Charles的自定义SSL证书的消息,在最后一节中,我解决了每次Charles发布时必须输入密码的问题。
I blogged about how to use a Custom SSL Certificate with Charles and in the last section I address the problem of having to type in the password every time Charles launches.
这篇关于没有密码的Charles的自定义CA证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!