Install mitmproxy's Certificate Authority
{% macro entry(title, icon, filetype="pem") -%}
{% include 'icons/' + icon + '-brands.svg' %}
{%- endmacro %}
{% call entry('Windows', 'windows', 'p12') %}
Manual Installation
- Double-click the P12 file to start the import wizard.
- Select a certificate store location. This determines who will trust the certificate – only the current
Windows user or everyone on the machine. Click Next.
- Click Next again.
- Leave Password blank and click Next.
- Select Place all certificates in the following store,
then click Browse, and select Trusted Root Certification Authorities.
Click OK and Next.
- Click Finish.
- Click Yes to confirm the warning dialog.
Automated Installation
- Run
certutil.exe -addstore root mitmproxy-ca-cert.cer
(details).
{% endcall %}
{% call entry('Linux', 'linux') %}
Ubuntu/Debian
mv mitmproxy-ca-cert.pem /usr/local/share/ca-certificates/mitmproxy.crtsudo update-ca-certificates
Fedora
mv mitmproxy-ca-cert.pem /etc/pki/ca-trust/source/anchors/sudo update-ca-trust
{% endcall %}
{% call entry('macOS', 'apple') %}
Manual Installation
- Double-click the PEM file to open the Keychain Access application.
- Locate the new certificate "mitmproxy" in the list and double-click it.
- Change Secure Socket Layer (SSL) to Always Trust.
- Close the dialog window and enter your password if prompted.
Automated Installation
sudo security add-trusted-cert -d -p ssl -p basic -k /Library/Keychains/System.keychain mitmproxy-ca-cert.pem
{% endcall %}
{% call entry('iOS – please read the instructions!', 'apple') %}
iOS 13+
- Use Safari to download the certificate. Other browsers may not open the proper installation prompt.
- Install the new Profile (Settings -> General -> VPN & Device Management).
- Important: Go to Settings -> General -> About -> Certificate Trust Settings.
Toggle mitmproxy to ON.
{% endcall %}
{% call entry('Android', 'android', 'cer') %}
Android 10+
- Open the downloaded CER file.
- Enter mitmproxy (or anything else) as the certificate name.
- For credential use, select VPN and apps.
- Click OK.
Some Android distributions require you to install the certificate via Settings -> Security -> Advanced ->
Encryption and credentials -> Install a certificate -> CA certificate (or similar) instead.
Warning: Apps that target Android API Level 24 (introduced in 2016) and above only accept
certificates from the system trust store
(#2054).
User-added CAs are not accepted unless the application manually opts in. Except for browsers, you need to
patch most apps manually
(Android network security config).
Alternatively, if you have rooted the device and have Magisk installed, you can install this Magisk module via the Magisk Manager app.
{% endcall %}
{% call entry('Firefox (does not use the OS root certificates)', 'firefox-browser') %}
Firefox
- Open Options -> Privacy & Security and click View Certificates...
at the bottom of the page.
- Click Import... and select the downloaded certificate.
- Enable Trust this CA to identify websites and click OK.
{% endcall %}
-
{% include 'icons/certificate-solid.svg' %}