CA certificate setup

httpmon generates a CA certificate the first time it runs. To intercept HTTPS traffic, your system must trust this certificate. The certificate is stored at ~/.httpmon/mitmproxy-ca-cert.pem.

Automatic installation

The simplest approach. Run httpmon with --install-ca and it handles everything.

sudo httpmon --install-ca

This works on both macOS and Linux. It generates the CA certificate if it does not exist yet and adds it to your system trust store.

Manual installation

If you prefer to install the certificate yourself, use the platform-specific instructions below.

macOS
Linux

Add the certificate to the system keychain.

sudo security add-trusted-cert -d -r trustRoot \
  -k /Library/Keychains/System.keychain \
  ~/.httpmon/mitmproxy-ca-cert.pem

Copy the certificate to the system CA directory and update the trust store.

sudo cp ~/.httpmon/mitmproxy-ca-cert.pem \
  /usr/local/share/ca-certificates/httpmon.crt
sudo update-ca-certificates

Firefox

Firefox uses its own certificate trust store and does not use the system store. You need to import the certificate manually.

Open Firefox and go to Settings.
Search for Certificates and click View Certificates.
Select the Authorities tab and click Import.
Select ~/.httpmon/mitmproxy-ca-cert.pem.
Check Trust this CA to identify websites and click OK.

Certificate location

The CA certificate and key are stored in ~/.httpmon/.

File	Purpose
`~/.httpmon/mitmproxy-ca-cert.pem`	CA certificate (share this to trust the proxy)
`~/.httpmon/mitmproxy-ca.pem`	CA private key (keep this secret)

Getting Started

​Automatic installation

​Manual installation

​Firefox

​Certificate location

Automatic installation

Manual installation

Firefox

Certificate location