How to install the Charles root certificate on Fedora 33/CentOS 8

Author: ttyS3

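Charles runs on my development machine, and programs on the same machine need to send their traffic through Charles so it can be captured. That only works if the TLS certificate is trusted, because the libraries those programs depend on enforce certificate verification. Hence this setup.

The method is general and works for installing any root CA.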

root ca installation

Newer versions of Charles now generate three files by default: charles-proxy-ssl-proxying-certificate.cer, charles-proxy-ssl-proxying-certificate.pem and keystore.

cd ~/.charles/ca
sudo trust anchor --store ./charles-proxy-ssl-proxying-certificate.pem
# the certificate is written under /etc/pki/ca-trust/source

manual installation method

If you get "no configured writable location" or a similar error, import the CA manually:

Copy the certificate to the /etc/pki/ca-trust/source/anchors directory. Run update-ca-trust as root.

On Arch Linux, the certificate is installed under /etc/ca-certificates/trust-source/. The path for manual installation is /etc/ca-certificates/trust-source/anchors.

cd ~/.charles/ca

# if there is no pem file, first convert the DER-format certificate to PEM
# openssl x509 -inform DER -in charles-proxy-ssl-proxying-certificate.cer -out charles-proxy-ssl-proxying-certificate.pem

# copy the converted CA to /etc/pki/ca-trust/source/anchors/ (needs root)
sudo cp charles-proxy-ssl-proxying-certificate.pem /etc/pki/ca-trust/source/anchors/charles-ca.pem

# rebuild the system trust bundle (needs root)
sudo update-ca-trust extract

# verify
❯ openssl verify /etc/pki/ca-trust/source/anchors/charles-ca.pem
/etc/pki/ca-trust/source/anchors/charles-ca.pem: OK
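
The manual method above as a small script, added here as an example and not part of the original post: it picks the anchors directory for Fedora/CentOS or Arch Linux, converts a DER file when needed, and can remove the anchor again once capturing is done, since a system-wide anchor lets whoever holds the CA's private key intercept TLS for every program on the machine. The function names, the `install`/`remove` subcommands and the ROOT dry-run prefix are assumptions of this example; run it as root.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. ROOT is an assumed dry-run prefix; leave it empty on a real system.

# Print the anchors directory for this distro (the two paths named on the page).
anchor_dir() {
    local root="${1:-}" d
    for d in /etc/pki/ca-trust/source/anchors /etc/ca-certificates/trust-source/anchors; do
        if [ -d "$root$d" ]; then printf '%s\n' "$root$d"; return 0; fi
    done
    echo "no known anchors directory found" >&2
    return 1
}

# True if the file is PEM-encoded; the Charles .cer file is DER and needs converting.
is_pem() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# install_ca CERT NAME [ROOT]: place CERT in the anchors directory as NAME.pem.
install_ca() {
    local cert="$1" name="$2" root="${3:-}" dir dest
    dir="$(anchor_dir "$root")" || return 1
    dest="$dir/$name.pem"
    if is_pem "$cert"; then
        install -m 0644 "$cert" "$dest" || return 1
    else
        openssl x509 -inform DER -in "$cert" -out "$dest" || return 1
        chmod 0644 "$dest"
    fi
    # Real system only: rebuild the trust bundle, then show what was just trusted.
    if [ -z "$root" ]; then
        update-ca-trust extract || return 1
        openssl x509 -in "$dest" -noout -subject -enddate -fingerprint -sha256
    fi
    printf '%s\n' "$dest"
}

# remove_ca NAME [ROOT]: drop the anchor again once the capture session is over.
remove_ca() {
    local name="$1" root="${2:-}" dir
    dir="$(anchor_dir "$root")" || return 1
    rm -f -- "$dir/$name.pem"
    if [ -z "$root" ]; then update-ca-trust extract; fi
}

case "${1:-}" in
    install) install_ca "$2" "$3" ;;
    remove)  remove_ca "$2" ;;
esac
```

Compare the printed SHA-256 fingerprint with the one of the certificate in ~/.charles/ca before relying on the new anchor.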

refs

https://access.redhat.com/solutions/1519813

ubuntu: https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate

Adding a trusted CA certificate https://wiki.archlinux.org/title/User:Grawity/Adding_a_trusted_CA_certificate