Hacker News
by q2dg 481 days ago
Will Mitmproxy stop working?
2 comments

Chrome treats certificates added by the user as not requiring CT: https://github.com/mitmproxy/mitmproxy/discussions/5720
And to wit, Firefox too:

> Setting this preference to 2 causes Firefox to enforce CT for certificates issued by roots in Mozilla's Root CA Program.

I believe so. You'll need to disable CT enforcement or add your SPKI hash to the ignore list in the browser settings temporarily to get it working. [0] I guess this is also how corporations get around this issue? Still unsure.

[0] https://wiki.mozilla.org/SecurityEngineering/Certificate_Tra...

No. CT is only required for public CAs. You only need those browser policy settings if you’re using a public CA without CT.
I'd imagine this is why certs that terminate in root certificates manually added to the trust store will work fine then [as stated by other comments]?
Right, any CA you add yourself that isn’t part of what Mozilla ships isn’t considered a publicly trusted CA.