| description |
|---|
How to install Certificate and decrypt HTTPS Request/response in macOS device. Support Automatic and Manual steps |
In order to intercept encrypted HTTPS messages (Request or Response), you have to install Proxyman CA Certificate on your current machine. This step is mandatory for iOS, Android devices, iOS simulators, Java VMs, and Firefox too.
{% hint style="info" %} The Proxyman Certificate is a self-signed certificate, which is generated in your machine. Proxyman never stores or transmits any personal data to Proxyman's server or 3rd-party.
Please check out the Privacy Statement to understand what Proxyman obtains or not.
If you'd like to manually generate a Certificate on your machine then adding to Proxyman. Please check out the Custom Certificate Doc {% endhint %}
{% hint style="info" %} Proxyman's certificate is stored locally at ~/.proxyman or ~/Library/Application Support/com.proxyman.NSProxy/certificates/ {% endhint %}
Proxyman could automatically install & trust the Certificate in Keychain by following the below steps:
- Open the Certificate menu
- Install a Certificate on this Mac...
- On the Automatic Mode -> Enter your Mac's password (Root Privileges)
- Verify the status: ✅
Installed & Trustedin the button (If not, try to use the Manual Tab, or contact us for further support) - Done ✅
{% hint style="info" %} Automation mode requires Root Privileges to perform the installation script. If you're not sure, please consider using Manual mode. {% endhint %}
In automatic mode, Proxyman will automatically perform two steps:
- Generate a local Proxyman Certificate at
~/.proxyman/proxyman-ca.pem - Install & Trust the certificate to System Keychain Access. It requires Root Privileges to execute the following CLI:
{% code overflow="wrap" %}
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/.proxyman/proxyman-ca.pem{% endcode %}
Proxyman also offers more freedom for super-users who need to install the certificate on their behalf.
- Open the Certificate menu
- Install a Certificate on this Mac... -> Select the Manual Tab
- Click on the Generate & Add button (Proxyman will locally generate the certificate and add it to Keychain, but not Trust it automatically, no Password required)
- In some cases, System Keychains will ask to select what keychain should be installed -> Select System Keychain
- Open the Keychain Access app on your Mac -> Search "Proxyman CA" -> Open -> Select "Always Trust" -> Quit Keychain and Save
{% hint style="info" %} If you've done it correctly, Proxyman will display " ✅ Installed and Trusted" status. {% endhint %}
{% hint style="info" %} If you'd like to use your own custom Root Certificate, please check out the Custom Certificate Doc {% endhint %}
Suppose you are not sure how to trust the certificate on the Keychain Access app. You can open the Terminal app and execute the command:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/.proxyman/proxyman-ca.pem
{% hint style="info" %} Make sure that you Delete the Proxyman Certificate in Keychain app if you're not using Proxyman anymore. If not, anyone who has the Proxyman Certificate can intercept your HTTP/HTTPS requests from your macOS machine. {% endhint %}
- Open Certificate Menu
- Reset all Certificates
- Enter your Mac password and done