How do I add an upstream certificate for proxy chaining?

bytedance / g3

Enterprise-oriented Generic Proxy Solutions

Apache License 2.0

395 stars 29 forks source link

How do I add an upstream certificate for proxy chaining? #221

Closed mspublic closed 1 month ago

mspublic commented 1 month ago

Hello @zh-jq We are trying to debug some issues with our environment. We would like to setup g3 as part of a proxy chain with the upstream proxy also doing MITM. But haven’t figured out how to configure g3 to trust the upstream rootCA. Your advice on how to configure this would be much appreciated.

thanks!

zh-jq commented 1 month ago

you can set tls interception client config in auditor like this:

tls_interception_client:
  ca_certificate: /path/to/cert.pem # or the pem string

or you can add that cert to the openssl trust store

mspublic commented 1 month ago

Thanks! We were doing it in tls_client.