Docs / Getting Started

Trust the CA Certificate

To read HTTPS, your system must trust MinPin's root certificate.

HTTPS is encrypted end-to-end. To let you read it, MinPin acts as a "man in the middle": it presents a certificate it signs with its own root CA, decrypts the traffic, then re-encrypts it to the real server. For your browser/apps to accept that certificate, the root CA must be trusted in your Keychain.

Install & trust the CA

On first run, MinPin generates a unique root CA and offers to install it. Accept the prompt.
The CA is added to your login Keychain. Set it to Always Trust when macOS asks (or open Keychain Access → the MinPin certificate → Trust → "Always Trust").
Verify: capture a request to an SSL-decoded host (see SSL Proxying) — the Response tab should show decrypted content, not a lock icon.

Heads upThe CA private key is generated on your Mac, stored with owner-only 0600 permissions, and never leaves the device. Anyone with that key could decrypt your HTTPS, so MinPin keeps it local and locked down.

TipFor iOS/Android devices, you install the same CA on the device — see Proxy iOS & Android.