node-http-mitm-proxy
More options when working with certificates?
I really want a way of managing certificates:
- Allow providing your own root CA.
- Expose functions for generating a root CA via the API, without creating a proxy.
- Customize the certificate structure and filename, such as naming the file something other than `ca.pem`.
I want to generate a CA using a separate script, and then let the proxy use it. Right now, I'm using the following workaround code as part of a separate module that I run before starting my main code:
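```ts
import {Paths} from "./paths";
import CA = require('http-mitm-proxy/lib/ca');

// Create the root CA under Paths.https without starting a proxy.
function genCert() {
    return new Promise((resolve, reject) => {
        CA.create(Paths.https, (err, ca) => {
            if (err) return reject(err);
            if (ca) return resolve(ca);
            reject(new Error("???"));
        });
    });
}

// Report a failed CA creation instead of leaving the rejection unhandled.
genCert().catch((err) => {
    console.error(err);
    process.exitCode = 1;
});
```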
Edit: I think it might be better to handle this outside of the library, in a separate package. Like a certificate manager/cache system where you insert the root CA, and the manager creates certificates for any domain you like. It maintains the certificate cache on disk or in memory.
The manager will also be able to generate the root CA certificate as a CLI utility, so afterwards it can manually be trusted.
Then the proxy need only accept the external CA.
I believe this is possible, right?
Just for information, if you generate your own root CA, you can use it by naming it and putting it in the same place `node-http-mitm-proxy` would, and it will use it instead of creating new ones.
You can define the folder where `node-http-mitm-proxy` looks for the CA like this:
```js
import { Proxy } from 'http-mitm-proxy'

const proxy = new Proxy()
// ...
proxy.listen({
  // ...,
  sslCaDir: '/your/path/to/CA',
})
```
`/your/path/to/CA` must have the same structure as the files that `node-http-mitm-proxy` creates on its own for this to work.
In my case I reused the CA cert and keys that were originally created by `node-http-mitm-proxy`, so I can't say if it works with different kinds of format, but this is a start.