Proxyman
Proxyman
Proxyman
Proxyman
Overview
Changelog
License
FAQ
Debug on Devices
macOS
iOS Device
iOS Simulator
Android Device
Firefox
BASIC FEATURES
Proxyman Proxy Helper Tool
Request / Response Previewer
SSL Proxying
Import / Export
Content Filter
Multiple Tabs
Horizontal/Vertical/Window Layout
Copy as
ADVANCED FEATURES
Repeat
Edit & Repeat
Compose
No Caching
Map Local
Map Remote
External Proxy
Save Session
Protobuf
WebSocket
Clear Session
Block List
Allow List
Charles Proxy Converter
Custom Certificates
Troubleshooting
My Remote Devices (iOS/Android) couldn't connect to Proxyman?
Get SSL Error from HTTPS Request and Response
Couldn't see any requests from Localhost server
*.local requests don't appear on Proxyman
I couldn't see any traffics on Proxyman
Couldn't see any requests from 3rd-party network libraries
Powered by GitBook

Custom Certificates

1. What's it?

Proxyman supports Custom Server Certificates and Client Certificates that allow you adds your certificate that Proxyman uses to establish the SSL-Connection between your clients, servers and Proxyman app.

Custom Certificate Type

Purpose

How Proxyman uses

Server Certificate

For intecepting HTTPS Traffic from clients that use SSL-Pinning

Use this certifiacte for SSL-Handshake to your Clients

Client Certificate

For intecepting HTTPS Traffic from clients that use Mutual Authentication

Use this certifiacte for SSL-Handshake to specific Server

Custom Certificates

2. Certificate Formats

Proxyman accepts the following formats:

  • PKCS #12 (p12)

  • PEM or DER Private Key and Certificate file

  • Proxyman automatically determines the format of Private Key and Certificate file (Support PEM or DER)

  • Proxyman will prompt to enter the password if import an encrypted Private Key or PKCS #12 file

  • All passphrases are securely stored in Proxyman Keychain

If your certificates are different format that Proxyman supports, please convert them to p12 or PEM/DER format before importing

3. Certificate Requirement on macOS 10.15+ and iOS 13+

If you're using custom Server Certificate on macOS 10.15 or iOS 13, you might encounter the failed handshake on Safari or iOS devices if the following requirements doesn't meet:

  • RSA Key must have key size is greater than 2048 bits

  • Hash algorithm is SHA-2 family

  • DNS Name of the server must present on Subject Alternative Name. Common Name is no longer trusted

  • Valid certificate (Current day is in Not Before and Not After)

  • TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.

Read more https://support.apple.com/en-us/HT210176​

4. Common issues

Problem

Solution

Private Key and Certificate are not matched

Try different certificates and private key and make sure they are matched

Get SSL Handshake Error for custom certificates

  • Try to add the custom Certificate to System Keychain and Trust it

  • Certificate doesn't match the requirement from macOS => Read section 3​

  • Check expires day of the Certificate

Couldn't import certificate due to invalid passphrase

Ask the developer to give correct passpharse to open encrypted Private Key or P12 file

5. How to use

  • Access from Certificate Menu -> Add Custom Certificate

​

​

​

ADVANCED FEATURES - Previous
Charles Proxy Converter
Next - Troubleshooting
My Remote Devices (iOS/Android) couldn't connect to Proxyman?
Last updated 2 weeks ago
Contents
1. What's it?
2. Certificate Formats
3. Certificate Requirement on macOS 10.15+ and iOS 13+
4. Common issues
5. How to use