I installed the mitmproxy root CA from mitm.it on my Windows machine and verified that mitmproxy properly decrypts HTTPS traffic. I’m done with my work and now want to uninstall this CA from Windows. Somehow I cannot find it anywhere in Certificates view within ‘mmc’ management console. I also tried to use certutil.exe but to no avail. How can I find and remove this certificate?
This works just fine for me - can you share (the public part of) your certificate?
Here it is:
X509 Certificate:
Version: 3
Serial Number: 0dd36594b06c
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA
Algorithm Parameters:
05 00
Issuer:
O=mitmproxy
CN=mitmproxy
NotBefore: 2018-03-02 11:29
NotAfter: 2021-03-03 11:29
Subject:
O=mitmproxy
CN=mitmproxy
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters:
05 00
Public Key Length: 2048 bits
Public Key: UnusedBits = 0
0000 30 82 01 0a 02 82 01 01 00 a3 b1 3d 20 a4 f8 e5
0010 d6 f6 78 02 c5 ef d0 a3 40 39 4a 35 47 c4 88 f4
0020 71 2a 27 4f da e3 60 e9 fd 60 ad c8 6f 66 7c 28
0030 5e ae 4c c5 d1 19 e0 d3 18 26 86 86 35 02 df d9
0040 0c 50 a6 71 43 83 62 94 4f 19 98 c4 6a 63 83 93
0050 8d dd bc df 3e 5c 94 c8 68 f1 46 5b aa a9 16 e5
0060 59 77 2d 08 4d 3d b1 d9 b8 d4 a1 3f ef 3a 48 40
0070 6d b2 6d 1b 96 9b 47 a3 69 db 54 fd ee 65 77 29
0080 47 a5 5a c7 f4 5f eb 4e 85 59 8d bc 10 05 07 d1
0090 c5 49 b4 8c 01 bf 7d 9f 78 34 41 b0 c9 24 15 e8
00a0 54 53 39 ee 71 a6 10 ca 4e 94 36 8f 61 26 ea 01
00b0 d3 c9 42 49 bb bd cc 87 a6 1f 70 20 91 9e 94 20
00c0 2b 0a 33 4d e7 f2 1d 9f 57 44 47 d5 5f 49 1f fe
00d0 8c 87 67 bc 6e 9c ae 1b 77 c4 fd e6 df 49 28 1c
00e0 11 ab cf 5d 21 cb e7 60 6f f9 f0 d6 70 d9 31 c7
00f0 b0 f1 84 c4 95 84 79 4e 62 63 00 f3 7b e9 9d a5
0100 47 73 a2 31 75 db 62 e7 25 02 03 01 00 01
(…)
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
0000 83 a5 76 72 f1 91 7e 41 85 09 9c 5e c8 1f 67 8a
0010 41 be 9c 79 ad 01 ee 58 95 e2 22 cd 38 c0 92 29
0020 4e 0c e3 21 9b 5d ea d2 92 e4 ef 47 d1 ec 5b c1
0030 91 ae c2 29 d2 29 19 ba e2 fb 15 db e1 50 e0 2c
0040 0b 7a 86 bf 1a 44 70 39 ac 4d b5 c5 20 90 d8 25
0050 af 2a 24 c0 ee fe 94 76 24 37 6e 0c 46 35 81 d2
0060 e9 b2 55 5e fc a3 fa 73 28 c2 aa 79 33 8a f5 ee
0070 f6 98 06 1d 32 ae 7a 9c a5 93 79 08 6f da 88 35
0080 93 e7 07 fa 39 f9 9d 3e b3 e3 94 76 7c f9 1d 14
0090 e9 d3 66 9b d2 01 ca 54 ea 25 af a3 53 7f 4e 8d
00a0 e4 cc e1 7f 64 97 8b eb 11 c6 36 e8 d3 17 16 f4
00b0 95 95 cb 38 c6 69 c0 4d cf c4 e3 e4 d4 bd a2 aa
00c0 0b 42 53 23 a6 4a e7 7a 0e e8 21 57 33 7c e9 10
00d0 ec 6c d1 b7 99 8c 5f 25 f6 a9 5d ec 96 e3 4f 1c
00e0 70 ef e6 00 45 03 a2 35 15 8f 15 1f 0a a0 dd a7
00f0 83 08 e9 33 ba 82 23 81 2f 9f 94 42 ef 2f ec 87
Signature matches Public Key
Root Certificate: Subject matches Issuer
Key Id Hash(rfc-sha1): e7 44 71 b8 c3 72 4e 19 56 d0 aa 54 2d 5a bb 8c 60 d4 26 6d
Key Id Hash(sha1): 6c b0 44 81 28 fc e5 df ab 8d 36 ad 0d 58 ac e0 2b 8c 71 9b
Cert Hash(md5): 3e 05 cc 3e 41 cc 07 ed 0c ee 6d 5d 49 2c 5b cd
Cert Hash(sha1): 13 05 5f bf 99 cf 7f e6 3c c0 53 18 fa 1c 16 9f c3 53 65 02
---------------- End Nesting Level 1 ----------------
CERT_KEY_IDENTIFIER_PROP_ID(20):
e7 44 71 b8 c3 72 4e 19 56 d0 aa 54 2d 5a bb 8c 60 d4 26 6d
CERT_MD5_HASH_PROP_ID(4):
3e 05 cc 3e 41 cc 07 ed 0c ee 6d 5d 49 2c 5b cd
CERT_SHA1_HASH_PROP_ID(3):
13 05 5f bf 99 cf 7f e6 3c c0 53 18 fa 1c 16 9f c3 53 65 02
Cannot find the certificate and private key for decryption.
CertUtil: -dump command completed successfully.
Sorry, a bit unclear - can you share the mitmproxy-ca-cert.pem file so that I can install it and check if it appears on my system?
I received the certificate by email - thanks. If I double-click the certificate I can either install it for the current user, or for the current machine. If I select “current machine” here, I can view it directly using certlm. However, if I select “current user”, it does not show up here. To view user certificates, I have to run mmc and then do the following:
- Menu: File → Add/Remove Snap-In…
- Select Available Snap-Ins → Certificates, then press Add >.
- Select Current User for the certificates to manage. Press Finish.
- Press OK to return to the management console.
Does this work for you?
1 Like
Yes! Somehow I completely overlooked that selection, I thought I read somewhere that the current machine setting displayed all certs including user certs.
Thanks for your help!