Proxyman supports Custom Root Certificate, Server Certificates, andClient Certificates that allow you to add your certificate that Proxyman uses to establish the SSL-Connection between your clients, servers, and Proxyman app.
Custom Certificate Type
How Proxyman uses
For intercepting HTTPS Traffic from clients that use SSL-Pinning
Use this certificate for SSL-Handshake to your Clients
For intercepting HTTPS Traffic from clients that use Mutual Authentication
Use this certificate for SSL-Handshake to specific Server
For intercepting HTTPS Traffic from clients and servers without using local Proxyman certificates
SSL Handshake for both clients & servers
Even though the Proxyman Root Certificate is locally generated in your machine, you can manually generate and add to Proxyman. Read more
2. Certificate Formats
Proxyman accepts the following formats:
PEM or DER
PKCS #12 (p12)
PKCS #12 (p12).
PEM or DER Private Key and Certificate file.
Proxyman automatically determines the format of the Private Key and Certificate file (Support PEM or DER).
Proxyman will prompt to enter the password if import an encrypted Private Key or PKCS #12 file.
All passphrases are securely stored in Proxyman Keychain.
If your certificates are in different formats that Proxyman supports, please convert them to p12 or PEM/DER format before importing.
3. Certificate Requirement on macOS 10.15+ and iOS 13+
If you're using a custom Root Certificate or Server Certificate on macOS 10.15 or iOS 13, you might encounter the failed handshake on Safari or iOS devices if the following requirements don't meet:
RSA Key must have a key size is greater than 2048 bits
The hash algorithm is SHA-2 family
DNS Name of the server must be present on Subject Alternative Name. Common Name is no longer trusted
Valid certificate (Current day is in Not Before and Not After)
TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.
5. Finally, you would have root-ca.p12 file and move to the next step
7. Import as a Custom Root Certificate
Go to Certificate Menu -> Custom Certificate -> Select Root Certificate Tab
Click Import button -> P12
Select root-ca.p12 fileand enter the password.
Trust your custom certificate in Keychain Access App:
Open Keychain Access App
Search for the certificate you've added. The name might be the common name (CN) of the certificate
Double Click to open and select Always Trust
Click "X" and save the change
5. Please verify that you can see the Green Tick that shows the certificate is installed and trusted properly.
Custom Root Certificate is installed and trusted properly. Ready to go!
8. Import as a Server/Client Certificate
For custom Server/Client certificates, you should not generate a self-signed certificate. Please ask your workmate or team lead about the certificate that the company is using. It could be in DER/PEM or P12 format.
Then import the certificate as a Server / Client Certificate in Custom Certificate Window.
Import PEM/DER key and private key to Custom Client/Server Certificate
You don't need to trust the certificate on System Keychain since it's not a Root Certificate.