How to trust new certificate authority?

Has anyone been able to successfully trust an additional certificate authority in FAR? I’m trying to use mitmproxy, but can’t figure out how to get the system to trust the CA certificate it generated. I tried to follow the Fedora documentation but it’s not working. I had this working fine in Arch Linux. Actually, I’m starting to wonder if there is an OpenSSL bug in FAR because when I try to make the request over curl I get an OpenSSL exception

* CONNECT phase completed
* CONNECT tunnel established, response 200
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, decrypt error (563):
* OpenSSL/3.0.9: error:0200008A:rsa routines::invalid padding
* Closing connection 0
curl: (35) OpenSSL/3.0.9: error:0200008A:rsa routines::invalid padding

Anyone have any luck with this?

Welp, it seems that my mitmproxy CA cert somehow got corrupted. I replaced the cert (at ~/.mitmproxy/mitmproxy-ca.pem) with a new one and now everything is working beautifully :man_shrugging:

1 Like