Charles Proxy SSL Certificate not working

Question

I want to modify the website www.moviestarplanet.com. The site got https secured 2-3 weeks ago and i could not use charles anymore.. I've tried so much,but everytime it comes: unknown.

Could anyone help me? Instead of unknown there should be: Gateway. I already installed the certificate.. Maybe I'm doing something wrong?

Answer 1

If you don't see the Charles certificate in your list, after downloading it from Safari, you should go to Setting -> General -> Profile -> Install Charles Certificate. And then trust under Settings > General > About > Certificate Trust Settings.

Answer 2

After installing the root certificate, ensure the website you want to debug is added to the "Include" list in "Proxy" -> "SSL Proxying Settings"

Answer 3

High level steps

1. Go to Charles Proxy on your Mac. Help >> SSL Proxying >> Install Charles Root Certificate on Mobile device
2. Configure the IP given your WiFi settings - HTTP Proxy Settings
3. Hit Allow on your Mac
4. Go to chls.pro/ssl on your iPhone
5. Download the profile
6. Find the profile on your iPhone Settings
7. Install the profile into your iPhone
8. Trust the cert in your iPhone Settings >> About

Detail steps

The instructions for getting it working for the iOS couldn't be any worse.

So in case you needed to configure CharlesProxy for your iPhone connected to your Mac, then the steps are as followed:

Assuming your Mac's browser IP address is 192.168.1.5 then you should NOT put that IP Address into your iPhone's browser.

Where should you put it? Inside the wifi settings. But where? In the IPV4 ADDRESS settings? AGAIN NO!

You should go SCROLL DOWN and put the IP + port number in HTTP PROXY.

Then the rest of the steps are easy to follow. Just open Safari on your iPhone and open chls.pro/ssl and that should prompt your Mac. Hit Allow.

Then on your iPhone you should get a prompt for downloading a cert. Download it.

Go to Settings app. Find the Profile you downloaded. Click it.

Install it:

Trust it: Go to Settings app >> About. Scroll all the way to the bottom. >> Certificate Trust Settings >> Trust the cert.

IMPORTANT

Once you're done, then you need to set the HTTP proxy back to Automatic. Otherwise your iPhone will think it needs to do manual proxy and things won't work

Also note: VPN should be turned off at all times (during initial setup and usage). Otherwise instead of routing the traffic through Charles it will get routed through your VPN.

I ended up deleting my VPN app just to be safe.

Answer 4

I've been dealing with exactly the same, in my case it resolved by installing Charles Proxy's CA.

As explained in the documentation, in order to view ssl communications as plain text, instead of your browser seeing the server’s certificate, Charles dynamically generates a certificate for the server and signs it with its own root certificate (the Charles CA Certificate). Charles receives the server’s certificate, while your browser receives Charles’s certificate.

So you need to install Charles as CA to set it as trusted. The way to install it varies between browsers and operating systems.

Here I'm quoting what I guess are the most used cofigs:

Windows / Internet Explorer

In Charles go to the Help menu and choose "SSL Proxying > Install Charles Root Certificate". A window will appear warning you that the CA Root certificate is not trusted. Click the "Install Certificate" button to launch the Certificate Import Wizard. The certificate must be imported into the "Trusted Root Certification Authorities" certificate store, so override the automatic certificate store selection. Complete the wizard and your Charles Root Certificate is now installed. You may need to restart IE before the installation takes affect.

Mozilla Firefox

After installing the Charles Add-on for Mozilla, go to the Tools menu, the Charles submenu, and choose the "Install Charles Root Certificate" option. You will be presented with a certificate import dialog. Tick the option "Trust this CA to identify websites" and complete the import.

Mac OS X

In Charles go to the Help menu and choose "SSL Proxying > Install Charles Root Certificate". Keychain Access will open, and prompt you about the certificate. Click the "Always Trust" button. You will then be prompted for your Administrator password to update the system trust settings. You may need to quit and reopen Safari to see the change.

You can see all the available configurations in Charles ssl documentation.

Remember that after installing the certs it's important to restart your browser. This made the difference in my case.

Hope it helps.

Answer 5

I case you don't get the prompt for trusting the certificate (which means it stays untrusted ...) when installing it on OSX, you need to trust it manually in the keychain: Open the Keychain, search the Charles certificate, double click it, then choose Always trust for When using this certificate.

Answer 6

There is no clear information on whether this problem is with iOS or Mac.

Mauricio has explained how to solve this problem on Mac.

Let me take the liberty of how to fix this problem in iOS.

So basically there is a SSL trust issue that's happening on device that's why the request is not succeeding and you are getting the network connection failure

If you load the site on non-safari browsers such as Chrome you'll have a option to add an SSL exception for this particular site and proceed.

To fix the problem for once and all follow the below steps

Starting from iOS 10.3 SSL trust for the certificate has to be turned on manually for the manually installed certificate profiles in iOS so go to Settings > General > About > Certificate Trust Settings. Under Enable full trust for root certificates turn on trust for the certificate

Here is the link to apple documentation