---
title: Install Certificate
description: Introduces how to install Reqable's CA root certificate.
sidebar_position: 0
---

Why install a certificate?

Reqable uses the classic man-in-the-middle (MITM) technique to analyze HTTPS traffic. When a client communicates through the Reqable proxy server (hereinafter referred to as the MITM), the MITM re-signs the SSL certificate of the remote server. For the SSL handshake between the client and the MITM to succeed, the MITM's root certificate (hereinafter referred to as the CA certificate) must be installed in the client's local certificate store.

If the target client is a PC application, the CA certificate needs to be installed in the certificate store of the PC; if the target client is a mobile application, the CA certificate needs to be installed in the certificate store of the mobile phone. If you do not need traffic analysis, you can skip this step.

:::info Tips Reqable automatically generates a CA certificate for each user, and uses a random certificate key, so you don't have to worry about this certificate being exploited by a third party. :::

Desktop

Each desktop platform (mainly Windows, macOS and Linux) has its own certificate installation method. To simplify the process, Reqable provides one-click certificate installation.

The certificate installation page is located on the top QuickBar, click the shield icon to open the pop-up window.

Just click Install Now:

After you click, the system shows a confirmation dialog or asks for the account password to authorize the change; follow the prompts to confirm. The certificate is then normally installed automatically. If the automatic installation fails, switch to the Manual tab and follow the steps to install it manually.

Note that Chrome and Firefox on Linux devices maintain their own certificate stores, so you also need to install the CA certificate into the browser's certificate store. Follow the prompts in Reqable.

:::info Installation Status When the CA certificate is not installed or the installation fails, the shield icon is displayed in yellow; after the installation is successful, the shield icon is displayed in green. :::

Mobile

If you need to analyze mobile applications, you must install the CA certificate on the mobile device. Reqable has built-in guides for installing the certificate on Android and iOS. If you use the desktop app, switch to the Android and iOS tabs and follow the steps there. If you use the mobile app, go to Side Menu -> Certificate Management -> Install Root Certificate to Local-Machine, and choose a suitable installation method.

:::warning If you use the desktop app to analyze traffic, install the computer's CA root certificate on the mobile device; if you use the mobile app to analyze traffic directly, install the mobile device's own CA root certificate on it. :::

The CA root certificate generated by Reqable for each device is different. If you want all devices to share the same CA root certificate, you can export the certificate in .p12 format and then import it on other devices.

:::note Tips After the mobile app is initialized in collaborative mode and scans the QR code to connect to the computer, the computer's CA root certificate is automatically synchronized to the mobile device. From then on, both devices use the same CA root certificate. :::

Android

There are two types of Android certificates: user certificates and system certificates. User certificates are located in the /data/misc/user/0/cacerts directory, and system certificates are located in the /system/etc/security/cacerts directory. The user directory can be modified without additional permissions, while modifying the system directory requires unlocking the system partition. Choose an installation method that fits one of the following scenarios.

1. Devices below Android 7.0

Devices below Android 7.0 trust user certificates by default. You can directly install the certificate to the user directory: Settings -> Security -> Encryption and Credentials -> Install Certificate -> CA Certificate, select the exported certificate and install it (authorization verification is required).

2. Rooted device and unlocked system partition

Use adb to push the certificate to the system certificate directory. The certificate file is in the hash.0 format.

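```bash
# Restart adbd with root privileges
adb root
# Disable Android Verified Boot verification so the system partition can be modified
adb shell avbctl disable-verification
# Remount the system partition read-write
adb remount
# Push the CA certificate (hash.0 file name) into the system certificate directory
adb push 364618e0.0 /system/etc/security/cacerts/364618e0.0
```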

:::caution Since Android 14 moved system certificates into an APEX module, this solution only works on Android 13 and below. :::
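How a `hash.0` file name like the one pushed above is derived, as an added example that is not part of Reqable's documentation: Android names CA files after the value `openssl x509 -subject_hash_old` prints, which is the first four bytes of the MD5 of the DER-encoded subject name, read little-endian. The function names are hypothetical, the input must be DER rather than PEM, and the sample is a constructed, unsigned certificate skeleton.

```python
import hashlib

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def subject_der(cert):
    """Return the DER bytes of the subject Name of a DER-encoded certificate."""
    _, pos, _ = read_tlv(cert, 0)      # enter the Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)    # enter the TBSCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                    # the explicit [0] version field is optional
        pos = end
    for _ in range(4):                 # skip serialNumber, signature, issuer, validity
        _, _, pos = read_tlv(cert, pos)
    _, _, end = read_tlv(cert, pos)
    return cert[pos:end]

def cacerts_filename(cert):
    """File name Android expects for this CA in a cacerts directory."""
    digest = hashlib.md5(subject_der(cert)).digest()
    return "%08x.0" % int.from_bytes(digest[:4], "little")

def der(tag, value):
    """Encode one DER element; used only to build the constructed sample."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def name(common_name):
    """Build a Name holding a single CN attribute (OID 2.5.4.3)."""
    attr = der(0x30, bytes.fromhex("0603550403") + der(0x0C, common_name.encode()))
    return der(0x30, der(0x31, attr))

# Constructed, unsigned skeleton: just enough structure to locate the subject.
# Issuer and subject differ here so that picking the wrong field is detectable.
ISSUER, SUBJECT = name("Constructed Issuer"), name("Constructed Test CA")
TBS = der(0x30, bytes.fromhex("a003020102020101") + der(0x30, b"") + ISSUER
          + der(0x30, b"") + SUBJECT + der(0x30, bytes(200)))
SAMPLE_CERT = der(0x30, TBS + der(0x30, b"") + der(0x03, b"\x00"))
```

Running `cacerts_filename` over a file pulled from either cacerts directory and comparing the result with the file's name is a quick way to confirm which CA a given entry belongs to.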

3. Android project adds trust-anchors

If you are an Android developer and have write access to the project, you can install the certificate to the user directory and then configure the project to trust certificates in the user directory.

Step 1: Install the certificate on your phone: Settings -> Security -> Encryption and Credentials -> Install Certificate -> CA Certificate, select the exported certificate and install it (authorization verification is required).

Step 2: Create res/xml/network_security_config.xml

```xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </base-config>
</network-security-config>
```

Step 3: Configure AndroidManifest.xml

```xml
<?xml version="1.0" encoding="utf-8"?>
<manifest>
  <application android:networkSecurityConfig="@xml/network_security_config">
    ...
  </application>
</manifest>
```

Please remove this configuration in the release version. For more information about the network security configuration file, please refer to: Android Docs.
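A release-build check for the configuration from Steps 2 and 3, as an added example that is not Reqable's or Android's own code: it flags any section outside `<debug-overrides>` (which Android applies only when `android:debuggable` is true) that trusts user-installed CAs or permits cleartext traffic. The `audit` function and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Step 2 configuration, which trusts user CAs in every build.
PAGE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </base-config>
</network-security-config>"""

# Constructed sample: user CAs are trusted only while the app is debuggable.
DEBUG_ONLY_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <debug-overrides>
    <trust-anchors>
      <certificates src="user" />
    </trust-anchors>
  </debug-overrides>
</network-security-config>"""


def audit(xml_text):
    """Return findings that let a release build accept an interception CA."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    for section in root:
        if section.tag == "debug-overrides":
            continue  # not applied to non-debuggable (release) builds
        label = section.tag
        if section.tag == "domain-config":
            domains = [d.text.strip() for d in section.iter("domain") if d.text]
            label += "(" + ",".join(domains) + ")"
        # Walk the section itself and everything nested inside it.
        for node in section.iter():
            if node.get("cleartextTrafficPermitted") == "true":
                findings.append(label + ": cleartext traffic permitted")
            if node.tag == "certificates" and node.get("src") == "user":
                findings.append(label + ": trusts user-installed CAs")
    return findings
```

Run as a CI gate over `res/xml/network_security_config.xml`, a non-empty result means the release artifact would still accept a user-installed proxy CA.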

4. Android project reduces targetSdkVersion

If you are an Android developer and have write access to the project, you can install the certificate to the user directory and then reduce the project's targetSdkVersion to 23 or below.

Step 1: Install the certificate on the phone: Settings -> Security -> Encryption and Credentials -> Install Certificate -> CA Certificate, select the exported certificate and install it (authorization verification is required).

Step 2: Reduce targetSdkVersion.

```groovy
android {
  defaultConfig {
    ...
    targetSdkVersion 23
    ...
  }
}
```

5. Use Magisk module to install certificate

The Reqable app provides a Magisk module package that installs the certificate to the system directory. It supports Magisk and KernelSU, and works on Android 5+.

:::caution After KernelSU is flashed into the device, you may need to grant Reqable root permissions, otherwise the certificate will not take effect. :::

6. Chrome-based Browsers

Chrome (and subsequently many other Chromium-based browsers) has recently started requiring Certificate Transparency logs for CA certs found in the system certificate store.

Even if the certificate has been successfully installed in the system directory, the NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED error will still occur. In this case, remove the certificate from the system directory and install it in the user directory. Chromium-based browsers trust user certificates by default and do not perform CT log verification for them.

iOS

Installing the CA certificate on an iOS device is very easy. Just follow the steps below.

Step 1: Download and install the profile (certificate). The profile can be saved manually or downloaded through the browser.

  • Manual save: Export the CA certificate, find the exported CA certificate in the Reqable documents directory in the Files app, and manually copy or move it to the parent directory. After you tap the certificate, a Profile Downloaded prompt appears.
  • Browser download: Tap the certificate to open the browser and download it automatically. After the download completes, a Profile Downloaded prompt appears automatically.

Step 2: Open Settings -> Downloaded Profile -> Select Reqable CA -> Install the certificate file just downloaded.

Step 3: Trust the certificate: Settings -> General -> About -> Certificate Trust Settings -> Turn on the switch.