Adding SSL Certificates from OWASP ZAP - A Visual Walkthrough

Nitin Venkatesh
published Dec. 14, 2014, 8 a.m.

So, you've set up OWASP ZAP, are routing your browser's traffic through it and are ready to do some digging, but every time you hit a site you get an annoying SSL Security Exception error, and when you view the certificate, it is the OWASP ZAP certificate.



OWASP ZAP has a beautiful dynamic SSL certificate generation feature that takes care of decrypting your SSL-encrypted traffic while proxying it, but if you don't want to be annoyed by the constant SSL Exception Error prompts from your browser, you will need to add the OWASP ZAP certificate to your browser's list of certificates and mark it as a trusted Root CA.

Note: Please be careful when manually adding certificates to your browser: it is a huge security risk if the certificate's key is shared with other people or comes from an unknown source, because the browser will then trust anything signed with that key.

Visual Walkthrough

  1. Open up OWASP ZAP and go to Tools -> Options.
  2. In the Certificates section, click on Generate if you don't see a certificate; otherwise, Save the certificate to a location convenient for you, such as your home folder.



  3. Now navigate to your browser's Preferences (Firefox in my case and in the following example), click on the Advanced tab, go to the Certificates tab and click on View Certificates.



  4. Select the Authorities tab, click on Import and choose the OWASP ZAP root certificate we saved earlier. Check all the boxes, saying that this certificate can authenticate websites, email, etc.




  5. Now that it's imported, try browsing a site with HTTPS enabled. You'll see that you're no longer prompted with the SSL Security Exception Error message.
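Before step 4, it is worth confirming that the file you are about to trust as a Root CA is really just the ZAP certificate, given the note above about shared or unknown keys. The following added Python script (not part of the original post or of ZAP) reads the saved PEM file, refuses it if it also carries a private key or holds anything other than exactly one certificate, and prints the SHA-256 fingerprint so you can compare it with what Firefox's certificate viewer shows; the DER body embedded here is a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re

# Matches one PEM block; group 1 is the label (CERTIFICATE, PRIVATE KEY, ...).
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def parse_pem_blocks(text):
    """Return a list of (label, der_bytes) for every PEM block in the text."""
    return [(m.group(1), base64.b64decode("".join(m.group(2).split())))
            for m in PEM_BLOCK.finditer(text)]


def fingerprint(der, algo="sha256"):
    """Colon-separated uppercase digest, the format Firefox shows in the cert viewer."""
    hexdigest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def check_root_cert_file(text):
    """Decide whether a saved file is fit to import as a root CA.

    Returns (ok, reason, fingerprint). ok is False when the file carries a
    private key (the signing key must stay with ZAP; anyone holding it could
    sign certificates your browser would trust), when it does not hold exactly
    one certificate, or when the certificate body is not a DER SEQUENCE.
    """
    blocks = parse_pem_blocks(text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        return False, "file contains a private key; export the certificate only", None
    certs = [der for label, der in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        return False, f"expected one CERTIFICATE block, found {len(certs)}", None
    der = certs[0]
    if not der or der[0] != 0x30:
        return False, "certificate body is not a DER SEQUENCE", None
    return True, "ok", fingerprint(der)


# Constructed stand-in for the DER body (a bare SEQUENCE of two INTEGERs, not a
# real certificate) so the example runs offline; point it at the file saved from ZAP.
SAMPLE_DER = b"\x30\x06\x02\x01\x01\x02\x01\x02"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode() + "\n"
              "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    ok, reason, fp = check_root_cert_file(SAMPLE_PEM)
    print(ok, reason, fp)
```

To check a real export, replace SAMPLE_PEM with the contents of the file you saved in step 2 and compare the printed fingerprint with the one Firefox displays after the import.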