SSL Certificates

Charles generates its own certificates for sites, which it signs using the Charles CA Certificate. You will see a warning in your browser, or other application, when it receives that certificate because the Charles CA Certificate is not in your list of trusted root certificates.

The following instructions are for different browsers and applications to help you trust Charles’s CA Certificate so you no longer see certificate warnings.

Note that Charles’s CA Certificate changed with version 3.1 of Charles, so if you have already followed this procedure for an older version of Charles you will need to do it again. The CA certificate ought not to require changing again for a long time.

Internet Explorer

Windows XP and earlier

Browse to an SSL site and you’ll see a warning (if you don’t, you’ve perhaps already trusted the Charles CA Certificate). Click the View Certificate option. Alternatively, you can always view the certificate by double-clicking the padlock icon in the status bar.

Go to the Certification Path tab. You’ll see the site’s certificate has been generated and signed by the Charles CA Certificate, but the Charles certificate will have a red cross through it - indicating that it isn’t trusted.

Select the Charles CA Certificate and click View Certificate. You will then see all of the details for the Charles CA Certificate. Click the Install Certificate button; you will then need to click Next a few times through a wizard (the default options are fine). You will be asked to confirm the thumbprint, which is:

d5 a8 9e 23 ab 34 8f 9a 00 88 50 83 69 f5 fe dd e8 54 f4 93

Now that the Charles CA Certificate is installed in your list of trusted root certificates you will no longer see warnings when using Charles to debug SSL sites.

Windows Vista

Open the charles.cer file in the docs directory in your Charles installation directory, probably C:\Program Files\Charles\docs. If the certificate is not already installed it will say “This CA Root certificate is not trusted.” at the top of the window. Click Install Certificate to start the Certificate Import Wizard. Click Next past the information page. Choose to Place all certificates in the following store rather than the automatic option. Click Browse to choose the store and choose Trusted Root Certification Authorities. Click OK to close the Browse window then click Next then Finish.

You’ll be presented with a Security Warning. The thumbprint (sha1) should read: D5A89E23 AB348F9A 00885083 69F5FEDD E854F493. Click Yes to install the certificate.

You may need to restart IE before the installation takes effect.
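The thumbprint is printed in two layouts above (byte pairs for Windows XP, eight-digit groups for Windows Vista). The following is an added example, not part of the original Charles documentation: it checks a charles.cer file against the published SHA-1 thumbprint before you trust it, accepting either layout and either DER or PEM encoding. The function names, the script file name and the SAMPLE_DER bytes are assumptions made for the example.

```python
import base64
import hashlib
import re
import sys

# Thumbprint as printed in the Windows XP and Windows Vista instructions.
PAGE_THUMBPRINT_XP = "d5 a8 9e 23 ab 34 8f 9a 00 88 50 83 69 f5 fe dd e8 54 f4 93"
PAGE_THUMBPRINT_VISTA = "D5A89E23 AB348F9A 00885083 69F5FEDD E854F493"

# Constructed sample bytes (a tiny DER SEQUENCE, not a real certificate).
SAMPLE_DER = b"\x30\x03\x02\x01\x01"

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def normalize_thumbprint(text):
    """Reduce a displayed thumbprint (spaces, colons, any case) to 40 hex digits."""
    digits = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", digits):
        raise ValueError("not a SHA-1 thumbprint: %r" % text)
    return digits


def cert_to_der(data):
    """Return DER bytes for certificate data that may be PEM or DER encoded."""
    match = PEM_RE.search(data)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()), validate=True)
    return data


def sha1_thumbprint(data):
    """SHA-1 over the DER encoding, the value certificate dialogs show as the thumbprint."""
    return hashlib.sha1(cert_to_der(data)).hexdigest()


def thumbprint_matches(data, expected=PAGE_THUMBPRINT_XP):
    """True only if the certificate bytes hash to the expected thumbprint."""
    return sha1_thumbprint(data) == normalize_thumbprint(expected)


if __name__ == "__main__":
    # Usage (hypothetical file name): python check_thumbprint.py path/to/charles.cer
    with open(sys.argv[1], "rb") as handle:
        ok = thumbprint_matches(handle.read())
    print("thumbprint matches" if ok else "MISMATCH: do not install this certificate")
    sys.exit(0 if ok else 1)
```

A mismatch means the file is not the certificate this page describes, so it should not be added to a trusted root store.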

Mozilla Firefox 1.5

Open the Options dialog, go to Advanced tab, then choose the Security tab. Click View Certificates.

Go to the Authorities tab and click Import.

Find the charles.cer file. On Windows and Linux it is in the docs directory in your Charles installation directory. On Mac OS X (or if you can’t find it) you can download and unzip charles_ca_certificate.zip.

Choose the charles.cer file. Indicate that the certificate will be used for trusting web sites, then complete the import. Firefox will now always trust certificates signed by Charles.

If Firefox asks you for a password when you try to import the certificate, ensure that you’re on the Authorities tab before you click Import.

After importing you can delete the charles.cer file if you downloaded it.

Mozilla Firefox 2.0

Open the Options dialog, go to Advanced tab, then choose the Encryption tab. Click View Certificates.

Go to the Authorities tab and click Import.

Find the charles.cer file. On Windows and Linux it is in the docs directory in your Charles installation directory. On Mac OS X (or if you can’t find it) you can download and unzip charles_ca_certificate.zip.

Choose the charles.cer file. Tick the “Trust this CA to identify web sites” check box, then complete the import. Firefox will now always trust certificates signed by Charles.

If Firefox asks you for a password when you try to import the certificate, ensure that you’re on the Authorities tab before you click Import.

After importing you can delete the charles.cer file if you downloaded it.

Safari / Mac OS X

Download and unzip charles_ca_certificate.zip. The zip contains the charles.cer file.

Run the Keychain Access utility from the Applications/Utilities folder. This tool enables you to manage your certificates.

On Leopard choose the System keychain (pre-Leopard choose the X509Anchors keychain) from the list in the top-left of the window. You’ll see the list of root certificates appear in the main area of the window. Go to the File menu and choose Import..., choose the charles.cer file you downloaded above, ensuring that X509Anchors is chosen in the Keychain dropdown menu.

This will load the Charles CA Certificate into your list of trusted certificates. Close the Keychain Access application to commit the change.

After importing you can delete the charles.cer file.

You will then need to quit and reopen Safari to see the change.

Java Applications

You can add the Charles CA Certificate to your root certificate trust store in Java, then all Java applications will trust the certificates that Charles issues.

Note that you may need to do this each time you upgrade your Java installation.

First find the cacerts file. It should be at JAVA_HOME/jre/lib/security/cacerts, where JAVA_HOME is the Java home directory for the JVM you’re using.

Note: On Mac OS X you must download and unzip charles_ca_certificate.zip to get the charles.cer file required below. You will need to change the path to charles.cer accordingly. After importing you can delete the charles.cer file.

Then type (substituting for JAVA_HOME and CHARLES_DIR):

keytool -import -alias charles -file CHARLES_DIR/docs/charles.cer -keystore JAVA_HOME/jre/lib/security/cacerts -storepass changeit

(changeit is the default password on the cacerts file)

Then try:

keytool -list -keystore JAVA_HOME/jre/lib/security/cacerts -storepass changeit

If you’ve got multiple Java installations you may need to work out which ones you’re using to run your application and do this on the appropriate one. Or do it on all of your Java installations.

 
ssl_certificates.txt · Last modified: 2008/04/09 17:34 by karl
 