I using the latest mitmproxy version (4.0.4) and try to achieve the following:
a specific subdomain should be decrypted using a wildcard keypair I own for this domain (wildcard.pem), while all other subdomains should be intercepted using the default CA.
as such I use:
mitmweb --cert "sub.example.tld=./wildcard.pem"
Expected behavior: the wildcard certificate is used for “sub.example.tld” while “www.example.tld”, “anothersub.example.tld” are intercepted using the mitmproxy CA.
What actually happens: all subdomains of example are intercepted with the wildcard cert I provide.
If i use a cert option with a non-wildcart certificate-keypair:
mitmweb --cert "works.example.com=./works.pem"
everything works as intended (mitmproxy CA is used for everything but works.example.com).
Any clues on what I am missing here?
Is this intended behavior: “(wildcard) certificate CN overwriting specified subdomain”?