ssl_create_ca
Create a Certificate Authority for SSL bumping to enable HTTPS traffic inspection in the Web Proxy MCP Server.
Instructions
Create a new Certificate Authority for SSL bumping
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| caName | No | Name for the new CA (default: 'default') | default |
| description | No | Description for the CA | |
| overwrite | No | Overwrite existing CA if it exists | |
| subject | No | Certificate subject information |
Implementation Reference
- src/tools/tool-handlers.js:77-92 (handler)MCP tool handler that routes ssl_create_ca calls to the SSLManager.createCA method and formats the response.case 'ssl_create_ca': const caResult = await this.sslManager.createCA( args.caName, { description: args.description, overwrite: args.overwrite, subject: args.subject } ); return { content: [{ type: "text", text: `ā Certificate Authority created: ${caResult.caName}\n\nš CA Directory: ${caResult.caDir}\nš CA Certificate: ${caResult.caCertPath}\n\n${caResult.installationInstructions}` }] };
- Input schema and tool definition for ssl_create_ca, used for validation and MCP registration.ssl_create_ca: { name: "ssl_create_ca", description: "Create a new Certificate Authority for SSL bumping", inputSchema: { type: "object", properties: { caName: { type: "string", description: "Name for the new CA (default: 'default')", default: "default" }, description: { type: "string", description: "Description for the CA" }, overwrite: { type: "boolean", description: "Overwrite existing CA if it exists", default: false }, subject: { type: "object", description: "Certificate subject information", properties: { C: { type: "string", description: "Country", default: "US" }, ST: { type: "string", description: "State", default: "CA" }, L: { type: "string", description: "Locality", default: "San Francisco" }, O: { type: "string", description: "Organization", default: "Web Proxy MCP Server" }, OU: { type: "string", description: "Organizational Unit", default: "Development" }, CN: { type: "string", description: "Common Name" } } } } } },
- src/ssl/ssl-manager.js:49-96 (helper)Core SSLManager.createCA method that implements CA creation using OpenSSL, generates keys, certificates, configs, and provides installation instructions.async createCA(caName = null, options = {}) { if (caName) { this.currentCA = caName; this.caDir = path.join(this.caBaseDir, this.currentCA); } await this._ensureDirectories(); const caExists = await this._checkCAExists(); if (caExists && !options.overwrite) { throw new Error(`CA '${this.currentCA}' already exists. Use overwrite option to recreate.`); } console.log(`š§ Creating new Certificate Authority: ${this.currentCA}`); // Generate CA configuration const caConfig = this._generateCAConfig(options); const caConfigPath = path.join(this.caDir, 'ca.conf'); await fs.writeFile(caConfigPath, caConfig); // Generate CA private key const caKeyPath = path.join(this.caDir, 'ca.key'); const keyGenCmd = `openssl genrsa -out "${caKeyPath}" 4096`; this._executeSSLCommand(keyGenCmd); // Generate CA certificate const caCertPath = path.join(this.caDir, 'ca.crt'); const certGenCmd = `openssl req -new -x509 -key "${caKeyPath}" -out "${caCertPath}" -days 3650 -config "${caConfigPath}"`; this._executeSSLCommand(certGenCmd); // Create certificate database await this._initializeCertDB(); // Save CA metadata await this._saveCAMetadata(options); console.log(`ā Certificate Authority '${this.currentCA}' created successfully`); console.log(`š CA Directory: ${this.caDir}`); console.log(`š CA Certificate: ${caCertPath}`); return { caName: this.currentCA, caDir: this.caDir, caCertPath, caKeyPath, installationInstructions: this._getInstallationInstructions(caCertPath) }; }