[GH-ISSUE #507] Support Custom Root Certificate #505

Open
opened 2026-03-03 19:51:01 +03:00 by kerem · 1 comment
Owner

Originally created by @NghiaTranUIT on GitHub (May 29, 2025).
Original GitHub issue: https://github.com/ProxymanApp/proxyman-windows-linux/issues/507

Originally assigned to: @kics223w1 on GitHub.

Description

  • It's time to implement the Custom Root Certificate
  • Doc: https://docs.proxyman.com/advanced-features/custom-certificates
  • DO NOT Implement Client or Server Certificate. It's for the future

Acceptance Criteria

  • [x] When there is no Root Certificate (default or custom), implement this UI
  • [x] If we generate a default Root Certificate in Certificate Menu -> Install for Windows -> Manual or Auto Tab -> It will show the default certificate in the Custom Root Certificate
  • [x] Delete button is disabled if it's a Default Certificate, but enabled if it's a custom Root certificate
  • [x] Able to import p12 (with passphrase) -> Decrypt p12 with password to PEM and Private Key and store in Proxyman Data Folder -> Custom Certificate Folder. Do not store user password
  • [x] Make sure it shows an error if the passphrase is wrong.
  • [x] Able to import PEM / DER (This feature is not available on macOS). This view should be separated into components, so we can reuse it later for Server / Client Certificate
  • [x] After importing custom Root Certificate -> Verify that the UI displays

Logic

  • [x] Maybe we should write new CustomCertificateService.ts to store and handle custom certificate (maybe we will use this class to store Client/Server customer certificate too)
  • [x] All custom certificates should be stored in Proxyman Data Folder -> Custom Certificate Folder
  • [x] Do not store user p12 passphrase. We decrypt p12 file to PEM and Private Key.
  • [x] Write a simple func to verify if it's a valid Root Certificate. Ping @NghiaTranUIT to get the idea. If it's invalid, still import it, but show a yellow warning label on the UI to warn the user
  • [x] IMPORTANT LOGIC: If Custom Root Certificate is provided -> We should clear all cache certificates (read ca.js) and know where it's stored and we should clear all cache and delete old server certificate (which was issued by old Root Certificate)
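
The p12 import path from the criteria above (decrypt to PEM and private key, fail on a wrong passphrase, keep nothing of the passphrase, warn rather than reject on a non-root certificate), as an added example using the openssl CLI rather than Proxyman's own code. The function names, folder layout and the three root checks (CA:TRUE, self-signed, not expired) are assumptions; the issue does not define what counts as a valid Root Certificate.

```shell
#!/usr/bin/env bash
# Added example: throwaway constructed CA; names and paths are hypothetical.
work=$(mktemp -d)

# Constructed sample input: self-signed cert wrapped in a passphrase-protected .p12.
make_sample_p12() {  # $1 = out.p12, $2 = passphrase, $3 = TRUE|FALSE (CA flag)
  cat > "$work/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ext
prompt = no
[dn]
O = Example Custom Org
CN = Example Custom Root CA
[v3_ext]
basicConstraints = critical,CA:${3:-TRUE}
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$work/ca.cnf" \
    -keyout "$work/src.key" -out "$work/src.pem" 2>/dev/null &&
  P12_PASS="$2" openssl pkcs12 -export -inkey "$work/src.key" \
    -in "$work/src.pem" -out "$1" -passout env:P12_PASS
}

# Decrypt a .p12 into cert.pem + key.pem inside folder $3. The passphrase lives
# only in the child process environment; nothing is written on failure.
import_p12() {  # $1 = in.p12, $2 = passphrase, $3 = destination folder
  local tmp; tmp=$(mktemp -d)
  ( umask 077  # stored key is unencrypted, so keep it owner-only
    export P12_PASS="$2"
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -out "$tmp/cert.pem" 2>/dev/null &&
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes -out "$tmp/key.pem" 2>/dev/null
  ) || { rm -rf "$tmp"; echo "error: wrong passphrase or unreadable p12" >&2; return 1; }
  mkdir -p "$3" && mv "$tmp/cert.pem" "$tmp/key.pem" "$3/" && rm -rf "$tmp"
}

# Assumed root checks: CA:TRUE, self-signed, not expired. Prints warnings and
# returns 1 when any fails; the caller still keeps the import (warning only).
check_root() {  # $1 = cert.pem
  local rc=0
  openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' ||
    { echo "warning: basicConstraints is not CA:TRUE"; rc=1; }
  openssl verify -CAfile "$1" "$1" >/dev/null 2>&1 ||
    { echo "warning: certificate is not self-signed"; rc=1; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
    { echo "warning: certificate has expired"; rc=1; }
  return "$rc"
}
```

Because the passphrase is discarded, the private key sits unencrypted in the destination folder; its file mode is the only protection it has at rest.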

@NghiaTranUIT commented on GitHub (May 29, 2025):

How to test

  1. Generate new default Root Certificate -> When doing Mitm, make sure we generate Server Certificate by using Default Root Certificate (It's a default behavior) -> Open Google Chrome -> Click on the Certificate issue on Toolbar -> Verify Issued By is a current Root Certificate
  2. Generate a new custom certificate with a different Organization Name by command line (Read https://docs.proxyman.com/advanced-features/custom-certificates)
  3. Do not delete the current certificate -> Go to Certificate Menu -> Add new Custom Root Certificate -> Add p12 -> Enter passphrase -> Import success -> UI is updated with new Custom Certificate -> Make sure all old certificates are cleared
  4. When making a request on Google Chrome -> verify Issued By is from the new Custom Root Certificate
  5. When I delete a custom root certificate -> Because the default root certificate is already installed -> It shows the current Root certificate -> I can intercept and decrypt HTTPS as normal (by using Default Custom Certificate)