New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Docs: Explain New iOS "Certificate Trust Settings" #2706

Closed
jimhigson opened this Issue Dec 17, 2017 · 3 comments

Comments

Projects
None yet
3 participants
@jimhigson
Contributor

jimhigson commented Dec 17, 2017

It took a while to work this out and I can't - installing the certificate on ios (don't know since what version) isn't from http://mitm.it isn't enough - you also need to enable full trust for the root certificate for it to actually work. Otherwise, Safari will ask if you want to go to a site every time and mitmproxy will report handshake errors with the client not trusting it's certificates - it looks like pinned certs but it isn't.

It would be great if you could update the docs with the following. Ideally, this would be mentioned in the html of the page at http://mitm.it or at least somewhere in the mitmproxy docs like maybe here

On the ios Device need to :

  • Install the mitm root cert as usual from http://mitm.it
  • Open the Settings app
  • Tap General
  • Tap About
  • Scroll to bottom. Tap Certificate Trust Settings
  • Turn on the switch for mitmproxy
@mhils

This comment has been minimized.

Member

mhils commented Dec 18, 2017

Thanks - this is very useful feedback because it addresses a real pain point. In fact, we have already added instructions to mitm.it that will be part of the next release (src). For http://docs.mitmproxy.org/en/stable/certinstall.html, I'd be super happy if someone could send a PR that replaces the linked instructions in the iOS/macOS section with something more useful.

@mhils mhils changed the title from Missing in docs - enable full trust for mitmproxy cert on ios to Docs: Explain New iOS "Certificate Trust Settings" Dec 18, 2017

@jimhigson

This comment has been minimized.

Contributor

jimhigson commented Dec 18, 2017

Sure, I can make a PR. Will close here and open a PR.

@jimhigson jimhigson closed this Dec 18, 2017

@yifeikong

This comment has been minimized.

yifeikong commented Apr 29, 2018

I hope that there is a tip on http://mitm.it saying that you have to trust the cert after installing it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment