Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Charles Web Proxy Tip: Secure Charles Cert

DZone's Guide to

Charles Web Proxy Tip: Secure Charles Cert

· Java Zone
Free Resource

Learn how to troubleshoot and diagnose some of the most common performance issues in Java today. Brought to you in partnership with AppDynamics.

No doubt if you’ve done any web-using apps or applications you’re familiar with Charles Web Proxy for debugging — and if not, go check it out right now — but there is the niggling concern that when you use it to debug SSL communications you tell it to trust Charles’ root cert, which leaves a hole open for anyone who cares to sign themselves a cert and go to nefarious work on your device.

But fear not! If like us you’d managed to overlook this option so far, here’s a step by step guide to setting up a

Custom SSL Certificate With Charles Web Proxy

Luckily Charles supports using your own custom SSL certificate as the root certificate, which you have to create yourselves. This can be done using openssl. You will be asked some information about the certificate. I recommend at least setting Organization Name to something meaningful as for instance Charles Proxy Custom SSL certificate. This makes it easier to find the certificate in Keychain…

… Now simply select the charles.pfx file in Proxy Settings > SSL > Use a Custom CA Certificate in Charles. Notice that Charles only saves the path to the file, so place the file somewhere meaningful.

Remember to install the certificate in keychain by simply opening the charles.crt file. It can be installed in the iOS simulator by dragging the charles.crt into the simulator window and on your iOS device by sending it using email. Remember to delete the old Charles certificate if you had it installed.

Worth doing just in case, yep. And if you’re OCD enough to get annoyed entering the password each time, the article goes on with how to trick Charles into thinking your custom cert is its default and skip that. We’re good with QA having to know the password, personally, so we’ll leave over that part.

h/t: iOS Dev Weekly!

Understand the needs and benefits around implementing the right monitoring solution for a growing containerized market. Brought to you in partnership with AppDynamics.

Topics:

Published at DZone with permission of Alex Curylo, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}