Charles Proxy SSL certificate not accepted by browsers

Balint Erdi · May 19, 2014 · Viewed 20.2k times

I use Charles proxy (under OS X 10.9.3, Mavericks) to modify the Origin header so that an API (in development) I connect to accepts the incoming requests from the development environment.

I managed to make this work with a simple rewrite rule and everything worked until today.

The current problem is that the browser does not connect to the proxy (set up by Charles). The "Failure" field in the request says: "No request was made. Possibly the SSL certificate was rejected.", and below, in the Notes field: "You may need to configure your browser to trust the Charles CA SSL Certificate.".

I'd done this already and it worked perfectly. I have not changed anything in Charles's configuration since. The things I tried to get it working:

  1. Uninstall and reinstall the Charles certificate.
  2. Try the same in the following browsers: Chrome Canary, Chrome stable, Safari and Firefox
  3. Use an HTTP Proxy instead of the —more advanced— SOCKS proxy.

I also made sure that the Charles certificate is always trusted, no matter the default setting:

[Screenshot: Keychain Access]

Not sure if it's a clue to the solution but when I navigate to the api directly with Charles turned on, I see this: [screenshot: warning]

The API is indeed hosted on the Windows Azure platform but I don't see why the Charles certificate (since Charles acts as a man-in-the-middle, showing its certificate to the browser) is made out to *.azurewebsites.com and not the actual host.

It is important to note that the actual host (let's say api.example.com) has a valid, purchased wildcard certificate for *.example.com.

If anyone has a hint of how to fix this or what exactly is happening, I'd really appreciate her advice.

Thank you.

ps. If I tweak the direct request to have a proper Origin header (with sensible information amended/cleared):

GET /xxx HTTP/1.1
Host: api.example.com
Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,hu;q=0.6
Cookie: ...
Origin: https://acceptable.host.com

I get the following response back:

HTTP/1.1 400 Bad Request
Content-Length 46
Content-Type application/json; charset=utf-8
Server Microsoft-IIS/8.0
X-Powered-By ASP.NET
Set-Cookie ARRAffinity=secret-token;Path=/;Domain=api.example.com
Date Wed, 21 May 2014 07:58:02 GMT
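
An added example (not part of the original question or answer): a small checker for the two things the browser warning described above depends on, namely whether the presented certificate's names cover the requested host and whether it was issued by the intercepting proxy's CA. The certificate dicts are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the issuer names and the `proxy_ca_hint` parameter are assumptions.

```python
"""Added example: explain why a browser rejects a certificate for a given host."""

def _common_name(rdns):
    # getpeercert() encodes a name as a tuple of RDNs, each a tuple of (key, value) pairs.
    for rdn in rdns:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def name_matches(pattern, host):
    """Match a certificate DNS name; '*' covers exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert, host, proxy_ca_hint):
    """Report which names the certificate covers and who issued it."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # legacy fallback to the subject CN when no SAN is present
        cn = _common_name(cert.get("subject", ()))
        names = [cn] if cn else []
    issuer = _common_name(cert.get("issuer", ())) or ""
    return {
        "issuer_cn": issuer,
        "names": names,
        "host_matches": any(name_matches(n, host) for n in names),
        "issued_by_proxy": proxy_ca_hint.lower() in issuer.lower(),
    }

# Constructed samples: what the browser sees through the proxy vs. directly.
VIA_PROXY = {
    "subject": ((("commonName", "*.azurewebsites.com"),),),
    "issuer": ((("commonName", "Example Proxy CA (constructed)"),),),
    "subjectAltName": (("DNS", "*.azurewebsites.com"),),
}
DIRECT = {
    "subject": ((("commonName", "*.example.com"),),),
    "issuer": ((("commonName", "Example Public CA (constructed)"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}

if __name__ == "__main__":
    for label, cert in (("via proxy", VIA_PROXY), ("direct", DIRECT)):
        print(label, diagnose(cert, "api.example.com", "Proxy CA"))
```

Trusting the proxy CA in the keychain only addresses the issuer check; a certificate whose names do not cover the requested host is still rejected.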

Answer

user3456199 · Oct 17, 2017

This is a super old question, but this is the answer that I found today for any folks that are still having issues with it.

https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

You have to allow your machine to accept the Charles SSL certificate. (On a Mac, this is done through the Keychain.)