   {% extends "layout.html" %} {% block content %}

  Install mitmproxy's Certificate Authority

   {% macro entry(title, icon, filetype="pem") -%}
   * {% include 'icons/' + icon + '-brands.svg' %}

      {{ title | safe }}

     ð*** Get mitmproxy-ca-cert.{{ filetype }} ð*** Show Instructions ð***
     Hide Instructions
     {{ caller() }}
     {%- endmacro %}
       {% call entry('Windows', 'windows', 'p12') %}

      Manual Installation

         1. Double-click the P12 file to start the import wizard.
         2. Select a certificate store location. This determines who will
            trust the certificate – only the current Windows user or everyone
            on the machine. Click Next.
         3. Click Next again.
         4. Leave Password blank and click Next.
         5. Select Place all certificates in the following store, then click
            Browse, and select Trusted Root Certification Authorities.
            Click OK and Next.
         6. Click Finish.
         7. Click Yes to confirm the warning dialog.

      Automated Installation

         1. Run certutil.exe -addstore root mitmproxy-ca-cert.cer (details).
       {% endcall %} {% call entry('Linux', 'linux') %}

      Ubuntu/Debian

         1. mv mitmproxy-ca-cert.pem
            /usr/local/share/ca-certificates/mitmproxy.crt
         2. sudo update-ca-certificates
       {% endcall %} {% call entry('macOS', 'apple') %}

      Manual Installation

         1. Double-click the PEM file to open the Keychain Access
            application.
         2. Locate the new certificate "mitmproxy" in the list and
            double-click it.
         3. Change Secure Socket Layer (SSL) to Always Trust.
         4. Close the dialog window and enter your password if prompted.

      Automated Installation

         1. sudo security add-trusted-cert -d -p ssl -p basic -k
            /Library/Keychains/System.keychain mitmproxy-ca-cert.pem
       {% endcall %} {% call entry('iOS â** please read the instructions!',
       'apple') %}

      iOS 13+

         1. Use Safari to download the certificate. Other browsers may not
            open the proper installation prompt.
         2. Install the new Profile (Settings -> General -> VPN & Device
            Management).
         3. Important: Go to Settings -> General -> About -> Certificate
            Trust Settings. Toggle mitmproxy to ON.
       {% endcall %} {% call entry('Android', 'android', 'cer') %}

      Android 10+

         1. Open the downloaded CER file.
         2. Enter mitmproxy (or anything else) as the certificate name.
         3. For credential use, select VPN and apps.
         4. Click OK.

       Some Android distributions require you to install the certificate via
       Settings -> Security -> Advanced -> Encryption and credentials ->
       Install from storage instead.

       Warning: Apps that target Android API Level 24 (introduced in 2016)
       and above only accept certificates from the system trust store
       (#2054). User-added CAs are not accepted unless the application
       manually opts in. Except for browsers, you need to patch most apps
       manually.

       {% endcall %} {% call entry('Firefox (does not use the OS root
       certificates)', 'firefox-browser') %}

      Firefox

         1. Open Options -> Privacy & Security and click View Certificates...
            at the bottom of the page.
         2. Click Import... and select the downloaded certificate.
         3. Enable Trust this CA to identify websites and click OK.
       {% endcall %}
       * {% include 'icons/certificate-solid.svg' %}

      Other Platforms

         ð*** Get mitmproxy-ca-cert.pem ð*** Get mitmproxy-ca-cert.p12

     ----------------------------------------------------------------------

   Other mitmproxy users cannot intercept your connection. This page is
   served by your local mitmproxy instance. The certificate you are about to
   install has been uniquely generated on mitmproxy's first run and is not
   shared between mitmproxy installations.

   {% endblock %}
