From 0f30fe9694a6ede52387c24932d79773f2248625 Mon Sep 17 00:00:00 2001
From: Otto Mao <ottomao@gmail.com>
Date: Mon, 16 Mar 2015 13:53:57 +0800
Subject: [PATCH] Created How to config https proxy (markdown)

---
 How-to-config-https-proxy.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 How-to-config-https-proxy.md

diff --git a/How-to-config-https-proxy.md b/How-to-config-https-proxy.md
new file mode 100644
index 0000000..f435d0a
--- /dev/null
+++ b/How-to-config-https-proxy.md
@@ -0,0 +1,27 @@
+After configuring rootCA, AnyProxy could help to decrypt https requests, whose approach is also called Man-In-The-Middle(MITM).
+
+Here is the guide to config your https proxy.
+
+#### step 1 - install openssl
+* openssl is availabe here : [http://wiki.openssl.org/index.php/Compilation_and_Installation](http://wiki.openssl.org/index.php/Compilation_and_Installation) 
+* using ``openssl version -a `` to make sure it is accessible via you command line.
+
+#### step 2 - generate a rootCA and trust it
+* execute ``sudo anyproxy --root``
+* start anyproxy by ``anyproxy``, fetch rootCA.crt via http://localhost:8002/fetchCrtFile, then open and trust it.
+* you should trust this rootCA on all of your clients.
+
+#### to intercept(decrypt) https requests
+* start your anyproxy by ``anyproxy --intercept``. When rootCA exists, it will intercept(decrypt) all the https requests for you.
+* if you meet with a warning like 'unsafe connection', please check if the root CA is correctly trusted by your operation system.
+
+#### to start an https proxy
+* ``anyproxy --type https --host my.domain.com``
+* the param ``host`` is required with https proxy and it should be kept exactly what it it when you config your browser. Otherwise, you may get some warning about security.
+* using **https proxy** means your request towards proxy will be encrypted. Please notice that this feature has nothing to do with **intercept https requests**.
+
+#### about certs
+* root certs and temperary certs are stored at ``path.join(util.getUserHome(),"/.anyproxy_certs/")``
+* to get the rootCA.crt file , you may either find it in local dir or download it via anyproxy web interface
+* to clear all the temperary certificates ``anyproxy --clear``
+* https features may be unstable in windows
\ No newline at end of file