Mitmproxy ca-certificate uniqueness and dependencies


#1

I know that when mitmproxy is first runned it created ~/.mitmproxy directory with certificates. My question is that how unique or what information the mitmproxy-ca-cert.cer file is containing.

I have managed to create docker container with mitmproxy to test some aplication in other containers. I want to know if I can include the mitmproxy-ca-cert.cer file to directory where docker-compose is located or should the mitmproxy container create every time a new certificate?


#2

Good question!

On mitmproxy’s first run, mitmproxy will create a unique Root Certificate Authority on your device and store the associated certificate and private key in ~/.mitmproxy. Anyone with access to the private key can perform man-in-the-middle attacks on anyone who trusts this mitmproxy CA. As such, you should be very careful when sharing mitmproxy’s private CA key.

Note that the paragraph above concerns the private key for the CA certificate. The -cert.* files only contain the public key (you can verify this yourself by comparing mitmproxy-ca.pem and mitmproxy-ca-cert.pem in a text editor). There are generally no issues with distributing the public key, just make sure that your private key stays private.