I followed the directions the best that I could. Not sure if I’m missing something.
I create the PEM file using the CA cert and Key.
I create the client cert using the client cert and key.
Doing:
openssl s_client -connect website.internal.com:443 -cert website.internal.com.pem -CAfile mitmproxy-ca.pem -showcerts
The return is:
SSL handshake has read 2791 bytes and written 2559 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: CB1A9F13985DC7E9AABD5C0A38473BFF59381F5790ED7E91667CF9D3ACDCD438
Session-ID-ctx:
Master-Key: 3526267F9810D7138CC22DF59BC1F0DC7F2A60A0E7F22AE95689BEB858E1CF825E22F8B544BBFDF920AFF4B77682462C
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1503671106
Timeout : 300 (sec)
Verify return code: 0 (ok)
That all looks good. Now, when trying to do the same with mitmproxy, I get various issues.
mitmdump.exe --upstream-trusted-ca mitmproxy-ca.pem --client-certs website.internal.com.pem
I get
<< Certificate Verification Error for website.internal.com: self signed certificate in certificate chain (errno: 19, depth: 1)
Doing:
mitmdump.exe --cadir C:\mitm\ --client-certs website.internal.com.pem
I get the same
Using the same exact pem files when doing an openssl connect works fine.
Am I missing something?