How to disable modification of certificates

[reinthal]

Hi,

Great tool. I'm trying to use this tool to mirror a website using my own domain name. As such, I already have valid lets encrypt certificates and don't want mitmproxy to modify them, I just want to pass my certificates as-is. How do I do that?

I tried the following configurations:

config.yaml
upstream_cert: false

and
mitmproxy -p 443 --mode reverse:https://example.com/ --set client_certs=/etc/letsencrypt/live/mydomain.com/

However, when I point a webbrowser to mydomain.com, I get invalid certificate warning from the webbrowser. The warning says that the certificate was issued by mitmproxy and not lets encrypt, even though SNI is mydomain.com and not example.com.

I scowered all configs . Please help : )

[mhils]

I think you want a custom server certificate, not a custom client certificate (which mitmproxy would present to the upstream server).

https://docs.mitmproxy.org/dev/concepts-certificates/#using-a-custom-server-certificate

[reinthal]

aah, I found that this was a duplicate of Discussion 4987. I solved it using a leaf certificate

cat privkey.pem cert.pem > leaf.pem

followed by:

mitmdump --set block_global=false --mode reverse:https://example.com -p 443 --certs ~/.mitmproxy/leaf.pem

Now I can start hacking! Thank you so much

[reinthal]

@mhils Just want to say that this tool is very cool. Thank you