CA issue with client certificate

I am using a client certificate, but the site responds with 403 and I see this message in the output:

Certificate Verification Error for xxxxx.xxxxx.it: unable to get local issuer certificate (errno: 20, depth: 0)
Ignoring server verification error, continuing with connection
GET https://xxxxx.xxxxx.it/
<< 403 Forbidden 142b

I understand that the client certificate was not sent to the remote server. The certificate is not signed by a trusted CA; is that the problem? How can I force it to be sent?

Hi, did you verify that mitmproxy is not sending a client certificate in e.g. Wireshark? How do you invoke mitmproxy?

I call mitmdump with the --client-certs option. I tried two sites with two different client certificates; one works and the other has the problem I described.
I did not try to verify with Wireshark: doesn't the warning I reported mean that the client certificate was not sent?

The “Ignoring server verification error, continuing with connection” warning only states that mitmproxy doesn’t trust the server certificate. You are probably passing --insecure because the connection would otherwise fail. Other than that, it’s a regular HTTP request with a 403 Forbidden response from mitmproxy’s perspective.

It was my mistake; the client certificate was not sent to the server.
