CA Cert
Stoobly CA Certificate CLI - Questions & Answers
The CA certificate CLI manages SSL/TLS certificate authority operations for intercepting HTTPS traffic. Installing the CA certificate allows Stoobly to decrypt and inspect HTTPS requests for recording, mocking, and testing.
Understanding CA Certificates
Q: What is a CA certificate?
A: A CA (Certificate Authority) certificate is a root certificate that allows Stoobly to create valid SSL certificates for intercepting HTTPS traffic. It enables the proxy to decrypt, inspect, and re-encrypt HTTPS requests.
Example:
# Install CA certificate to enable HTTPS interception
stoobly-agent ca-cert installQ: Why do I need to install a CA certificate?
A: Installing the CA certificate allows Stoobly to intercept HTTPS traffic. Without it, you can only record and mock HTTP (non-encrypted) requests.
Example:
# Without CA cert: Only HTTP works
stoobly-agent record http://api.example.com/users
# With CA cert: Both HTTP and HTTPS work
stoobly-agent ca-cert install
stoobly-agent record https://api.example.com/users # Now works!Q: Is it safe to install the CA certificate?
A: Yes, the CA certificate is only installed on your local machine and is only trusted by your system. It's used solely for local development and testing. Remove it when done with ca-cert uninstall.
Example:
Installing CA Certificate
Q: How do I install the CA certificate?
A: Use ca-cert install to install the certificate authority certificate on your system.
Example:
Q: Where does the CA certificate get installed?
A: The CA certificate is installed in your system's trusted certificate store. The location varies by operating system:
macOS: Keychain Access
Linux:
/usr/local/share/ca-certificates/or system storeWindows: Certificate Manager
Example:
Q: Do I need sudo/admin privileges to install the CA certificate?
A: Yes, installing system certificates typically requires administrative privileges.
Example:
Q: How do I install the CA certificate to a custom directory?
A: Use the --ca-certs-dir-path option to specify where the CA certificate files are stored.
Example:
Q: What happens during CA certificate installation?
A: The installation process creates the CA certificate (if not exists), adds it to your system's trust store, and configures it to be trusted for SSL/TLS connections.
Example:
Viewing Certificate Path
Q: How do I find the path to the CA certificate file?
A: Use ca-cert show with the --format option to output the path to the certificate file in the specified format.
Example:
Q: What certificate formats are available?
A: The show command supports three formats: cer, p12, and pem. Each format has different use cases.
Example:
Q: How do I use the certificate path in scripts?
A: The show command outputs only the path to stdout, making it ideal for scripting and command substitution.
Example:
Q: What happens if the certificate doesn't exist?
A: The show command will output an error message and exit with a non-zero status if the certificate file is not found.
Example:
Q: How do I specify a custom CA certs directory?
A: Use the --ca-certs-dir-path option to search for certificates in a custom directory.
Example:
Q: When should I use the show command?
A: Use ca-cert show when you need the certificate path for manual import (e.g., Firefox), scripting, or when referencing the certificate in other tools.
Example:
Creating SSL Certificates
Q: How do I create an SSL certificate for a hostname?
A: Use ca-cert mkcert with the hostname to generate a signed certificate.
Example:
Q: How do I create certificates for multiple hostnames?
A: Run mkcert for each hostname you need to intercept.
Example:
Q: How do I create a wildcard certificate?
A: Use wildcard notation with the asterisk (*) for the subdomain.
Example:
Q: Where are the generated certificates stored?
A: Certificates are stored in the certs directory (default: ~/.stoobly/certs/).
Example:
Q: How do I specify a custom output directory for certificates?
A: Use the --certs-dir-path option to specify where certificates should be saved.
Example:
Q: How do I specify a custom CA certs directory?
A: Use the --ca-certs-dir-path option to use a different CA certificate for signing.
Example:
Uninstalling CA Certificate
Q: How do I uninstall the CA certificate?
A: Use ca-cert uninstall to remove the certificate from your system (coming soon).
Example:
Q: How do I manually remove the CA certificate?
A: Manually remove it from your system's certificate store until uninstall is implemented.
Example:
Workflow Integration
Q: When should I install the CA certificate?
A: Install it before recording or testing HTTPS traffic. It's typically done once per machine during initial setup.
Example:
Q: How do I use CA certificates with scaffold workflows?
A: The scaffold workflow automatically prompts for CA certificate installation when needed.
Example:
Q: How do I verify the CA certificate is installed?
A: Try recording HTTPS traffic. If it works without certificate errors, the CA cert is properly installed.
Example:
Troubleshooting
Q: What do I do if HTTPS recording fails?
A: Ensure the CA certificate is installed and trusted by your system.
Example:
Q: What if I get SSL verification errors?
A: The CA certificate may not be properly trusted. Reinstall or manually verify in your system's certificate store.
Example:
Q: How do I handle multiple CA certificates?
A: Use different --ca-certs-dir-path for different projects or environments.
Example:
Q: What do I do if certificate installation fails?
A: Check for permission issues, ensure the directory exists, and verify you have admin privileges.
Example:
Browser Configuration
Q: Do I need to configure my browser after installing the CA certificate?
A: Most browsers use the system certificate store, but some (like Firefox) use their own. You may need to import the certificate manually.
Example:
Q: How do I test if my browser trusts the CA certificate?
A: Start Stoobly proxy and visit an HTTPS site through it. If no certificate warning appears, it's working.
Example:
Team Collaboration
Q: Do team members need to install the CA certificate?
A: Yes, each team member needs to install the CA certificate on their machine to intercept HTTPS traffic.
Example:
Q: Can I share CA certificate files with my team?
A: You can share the CA certificate files, but each team member still needs to install them on their system.
Example:
Q: Should CA certificates be committed to version control?
A: Generally no, as they're generated per machine. However, for team consistency, you can share a common CA certificate by committing it.
Example:
CI/CD Integration
Q: How do I handle CA certificates in CI/CD?
A: Install the CA certificate in the CI environment before running tests.
Example:
Q: How do I use certificates in Docker containers?
A: Mount the CA certificate directory and install it in the container.
Example:
Security Considerations
Q: Is the CA certificate secure?
A: The CA certificate is only trusted on your local machine. However, anyone with access to the private key could intercept your HTTPS traffic, so protect the certificate files.
Example:
Q: Should I use the same CA certificate in production?
A: No! The CA certificate is for local development and testing only. Never use it in production environments.
Example:
Q: How do I rotate CA certificates?
A: Delete old certificates and generate new ones.
Example:
Quick Reference
Q: What are the most common ca-cert commands?
A: Here's a quick reference of frequently used commands:
Example:
Complete Setup Example
Q: What's the complete workflow for setting up CA certificates?
A: Install CA cert → Create host certificates → Configure proxy → Test HTTPS.
Example:
Platform-Specific Notes
Q: Are there any macOS-specific considerations?
A: On macOS, you may need to approve the certificate in Keychain Access and restart your browser.
Example:
Q: Are there any Linux-specific considerations?
A: On Linux, you may need to update the certificate store after installation.
Example:
Q: Are there any Windows-specific considerations?
A: On Windows, you may need to run the command prompt as Administrator.
Example:
Last updated
Was this helpful?