Android 7 introduced some changes to the way certificates are handled (http://android-developers.blogspot.com/2016/07/changes-to-trusted-certificate.html) and somehow I cannot make my Charles proxy work any more. My network_security_config.xml: <pre class="prettyprint"><code><?xml version="1.0" encoding="utf-8"?> <network-security-config> <base-config> <trust-anchors> <certificates src="system" /> </trust-anchors> </base-config> <debug-overrides> <trust-anchors> <certificates src="user" /> </trust-anchors> </debug-overrides> </network-security-config> </code></pre> I'm running in debug mode. But no matter what, I get <code>javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.</code>. Needless to say, I did install a <code>pfx</code> certificate from <code>Settings -> Security -> Install from storage</code>. The certificate shows in <code>User Credentials</code> but not in <code>Trusted credentials -> User</code>. On my lollipop device, the certificates are listed there. I'm using okhttp3 as HTTP library. Any idea what I am doing wrong ?

The solution is do not use .p12, just navigate with Chrome (with configured proxy on wifi) to http://charlesproxy.com/getssl and install downloaded .pem file. I had exactly the same problem on my Nexus 5X running Android 7.0. There was previously exported .p12 from Charles 3.11.5 (Help->SSL Proxying->Export Charles Root certificate and Private key). When I tried to install .p12 from phone (Settings->Security->Install from storage) it appears only under "User credentials" and never at "Trusted credentials", and of course SSL with Charles proxy did not work. The total "how-to" for Android 7.0 would be like that: <ol> <li>Configure WiFi + proxy (how Charles requires it). Connect it.</li> <li>On device, navigate with Chrome to http://charlesproxy.com/getssl, accept request for download .pem, then press "open", it launches "Certificate installer" app. Use it to install the certificate as "VPN and apps". </li> <li>Put the attribute <code>android:networkSecurityConfig="@xml/network_security_config"</code> to <code><application></code> at Manifest.xml</li> <li>Create res/xml/network_security_config.xml with content from the first post (it is totally correct).</li> <li>Launch Charles and app and have fun. </li> </ol> P.S. Check date/time on the device. It should be correct.

How to get charles proxy work with Android 7 nougat?

Android 7 introduced some changes to the way certificates are handled (http://android-developers.blogspot.com/2016/07/changes-to-trusted-certificate.html) and somehow I cannot make my Charles proxy work any more.

My network_security_config.xml:

<?xml version="1.0" encoding="utf-8"?> <network-security-config>     <base-config>         <trust-anchors>             <certificates src="system" />         </trust-anchors>     </base-config>     <debug-overrides>         <trust-anchors>             <certificates src="user" />         </trust-anchors>     </debug-overrides> </network-security-config>

I'm running in debug mode. But no matter what, I get javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found..

Needless to say, I did install a pfx certificate from Settings -> Security -> Install from storage. The certificate shows in User Credentials but not in Trusted credentials -> User. On my lollipop device, the certificates are listed there.

I'm using okhttp3 as HTTP library.

Any idea what I am doing wrong ?

How do I download Charles Proxy certificate on Android?

On your Android device, open up the browser and go to the following URL chls.pro/ssl. This will download the certificate on your device. Note: use Chrome or Firefox to access the link. Attempt to install the ssl by tapping on the download notification.

How do I use Charles Proxy on Android 11?

From Android 11, or later, there are new configs in order to make Charles Proxy work: Verify that you install & trust Charles Proxy certificate. You can verify in Settings app -> Security -> Encryption & Credentials -> Trusted Credentials -> User Tab => Make sure Charles Proxy is loaded.

The solution is do not use .p12, just navigate with Chrome (with configured proxy on wifi) to http://charlesproxy.com/getssl and install downloaded .pem file.

I had exactly the same problem on my Nexus 5X running Android 7.0. There was previously exported .p12 from Charles 3.11.5 (Help->SSL Proxying->Export Charles Root certificate and Private key). When I tried to install .p12 from phone (Settings->Security->Install from storage) it appears only under "User credentials" and never at "Trusted credentials", and of course SSL with Charles proxy did not work.

The total "how-to" for Android 7.0 would be like that:

Configure WiFi + proxy (how Charles requires it). Connect it.
On device, navigate with Chrome to http://charlesproxy.com/getssl, accept request for download .pem, then press "open", it launches "Certificate installer" app. Use it to install the certificate as "VPN and apps".
Put the attribute android:networkSecurityConfig="@xml/network_security_config" to <application> at Manifest.xml
Create res/xml/network_security_config.xml with content from the first post (it is totally correct).
Launch Charles and app and have fun.

P.S. Check date/time on the device. It should be correct.

How to get charles proxy work with Android 7 nougat?

Tags:

android

ssl

android-7.0-nougat

mbonnin

People also ask

1 Answers

Alexander Skvortsov

Recent Activity

Donate For Us

How to get charles proxy work with Android 7 nougat?

Tags:

android

ssl

android-7.0-nougat

mbonnin

People also ask

1 Answers

Alexander Skvortsov

Related questions

Recent Activity

Donate For Us