ssl_generate_certificate
Generate SSL/TLS certificates for domains to enable HTTPS connections through the Web Proxy MCP Server for secure traffic monitoring and analysis.
Instructions
Generate server certificate for specific domain
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Domain name for the certificate | |
| altNames | No | Alternative domain names (SAN) | |
Implementation Reference
- src/tools/tool-handlers.js:125-136 (handler)
  The MCP tool handler for 'ssl_generate_certificate'. Validates arguments, calls SSLManager.generateServerCertificate(domain, altNames), and returns formatted response with certificate paths.

  ```js
  case 'ssl_generate_certificate':
    const certResult = await this.sslManager.generateServerCertificate(
      args.domain,
      args.altNames
    );
    return {
      content: [{
        type: "text",
        text: `Generated certificate for: ${certResult.domain}\n\nPrivate Key: ${certResult.keyPath}\nCertificate: ${certResult.certPath}\nAlt Names: ${certResult.altNames.join(', ')}`
      }]
    };
  ```
- JSON Schema definition for the 'ssl_generate_certificate' tool input, specifying required 'domain' parameter and optional 'altNames' array.

  ```js
  ssl_generate_certificate: {
    name: "ssl_generate_certificate",
    description: "Generate server certificate for specific domain",
    inputSchema: {
      type: "object",
      properties: {
        domain: { type: "string", description: "Domain name for the certificate" },
        altNames: {
          type: "array",
          items: { type: "string" },
          description: "Alternative domain names (SAN)",
          default: []
        }
      },
      required: ["domain"]
    }
  },
  ```
- index.js:66-74 (registration)
  MCP server registration of all tools via ListToolsRequestSchema handler, which exposes 'ssl_generate_certificate' using the TOOLS definitions including name, description, and inputSchema.

  ```js
  this.server.setRequestHandler(ListToolsRequestSchema, async () => {
    return {
      tools: Object.entries(TOOLS).map(([name, tool]) => ({
        name,
        description: tool.description,
        inputSchema: tool.inputSchema
      }))
    };
  });
  ```
- src/ssl/ssl-manager.js:103-154 (helper)
  Core implementation of certificate generation in SSLManager class. Uses OpenSSL commands via execSync to generate private key, CSR with SAN, sign with CA, and return paths. Called by the tool handler.

  ```js
  async generateServerCertificate(domain, altNames = []) {
    if (!this.initialized) {
      await this.initialize();
    }

    const caExists = await this._checkCAExists();
    if (!caExists) {
      throw new Error(`CA '${this.currentCA}' does not exist. Create CA first.`);
    }

    console.log(`Generating certificate for: ${domain}`);

    const certDir = path.join(this.caDir, 'certs');
    await fs.mkdir(certDir, { recursive: true });

    const sanitizedDomain = domain.replace(/[^a-zA-Z0-9.-]/g, '_');
    const keyPath = path.join(certDir, `${sanitizedDomain}.key`);
    const csrPath = path.join(certDir, `${sanitizedDomain}.csr`);
    const certPath = path.join(certDir, `${sanitizedDomain}.crt`);

    // Generate server private key
    const keyGenCmd = `openssl genrsa -out "${keyPath}" 2048`;
    this._executeSSLCommand(keyGenCmd);

    // Generate certificate config with SAN
    const certConfig = this._generateServerCertConfig(domain, altNames);
    const certConfigPath = path.join(certDir, `${sanitizedDomain}.conf`);
    await fs.writeFile(certConfigPath, certConfig);

    // Generate CSR
    const csrCmd = `openssl req -new -key "${keyPath}" -out "${csrPath}" -config "${certConfigPath}"`;
    this._executeSSLCommand(csrCmd);

    // Sign certificate with CA
    const caKeyPath = path.join(this.caDir, 'ca.key');
    const caCertPath = path.join(this.caDir, 'ca.crt');
    const signCmd = `openssl x509 -req -in "${csrPath}" -CA "${caCertPath}" -CAkey "${caKeyPath}" -CAcreateserial -out "${certPath}" -days 365 -extensions v3_req -extfile "${certConfigPath}"`;
    this._executeSSLCommand(signCmd);

    // Clean up CSR
    await fs.unlink(csrPath);
    await fs.unlink(certConfigPath);

    console.log(`Certificate generated for ${domain}`);

    return {
      domain,
      keyPath,
      certPath,
      altNames
    };
  }
  ```
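
The input schema only requires `domain` and each `altNames` item to be a string, and the file-name sanitization in `generateServerCertificate` is not applied to the values handed to `_generateServerCertConfig`. The following is an added example, not code from this project, of a stricter argument check the handler could run before calling the SSL manager. Assumptions: the helper names `isValidDnsName` and `validateCertArgs`, the 100-name limit, and the premise that the config builder (not shown on this page) writes the names into the OpenSSL config unchanged.

```javascript
// Added example, not project code. Helper names and limits are hypothetical.
const MAX_ALT_NAMES = 100; // assumed upper bound on SAN entries
const LABEL = /^(?!-)[a-zA-Z0-9-]{1,63}(?<!-)$/; // one DNS label, no edge hyphen

// True only for a plain DNS name, optionally with one leading "*." label.
// Whitespace, newlines, quotes, '=' and similar characters all fail here,
// so nothing but hostname characters can reach the generated config file.
function isValidDnsName(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 253) {
    return false;
  }
  const labels = name.split('.');
  // Accept a wildcard only as the first label of a name with 3+ labels.
  if (labels[0] === '*' && labels.length > 2) labels.shift();
  return labels.every((label) => LABEL.test(label));
}

// Returns normalized { domain, altNames } or throws before any file is
// written or any OpenSSL command is run.
function validateCertArgs(args) {
  const domain = args ? args.domain : undefined;
  const altNames = args && args.altNames != null ? args.altNames : [];
  if (!isValidDnsName(domain)) {
    throw new Error('domain must be a valid DNS name');
  }
  if (!Array.isArray(altNames) || altNames.length > MAX_ALT_NAMES) {
    throw new Error(`altNames must be an array of at most ${MAX_ALT_NAMES} names`);
  }
  if (!altNames.every((name) => isValidDnsName(name))) {
    throw new Error('altNames contains an invalid DNS name');
  }
  // Lower-case and de-duplicate so the SAN list is stable and minimal.
  return {
    domain: domain.toLowerCase(),
    altNames: [...new Set(altNames.map((name) => name.toLowerCase()))]
  };
}

// Constructed sample call.
console.log(validateCertArgs({ domain: 'Shop.Example.com', altNames: ['*.example.com'] }));
```

Passing the returned `domain` and `altNames` to `generateServerCertificate` instead of the raw `args` values also removes the case where `altNames` is `null` and the handler's `certResult.altNames.join(', ')` would throw.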