Web Proxy MCP Server

by mako10k

Overview Schema Related Servers Score Discussions

JavaScript

ssl_create_ca

Create a Certificate Authority for SSL bumping to enable HTTPS traffic inspection in the Web Proxy MCP Server.

Instructions

Create a new Certificate Authority for SSL bumping

Input Schema

TableJSON Schema

Name	Required	Description	Default
`caName`	No	Name for the new CA (default: 'default')	default
`description`	No	Description for the CA
`overwrite`	No	Overwrite existing CA if it exists
`subject`	No	Certificate subject information

Implementation Reference

src/tools/tool-handlers.js:77-92 (handler)

MCP tool handler that routes ssl_create_ca calls to the SSLManager.createCA method and formats the response.

case 'ssl_create_ca':
  const caResult = await this.sslManager.createCA(
    args.caName,
    {
      description: args.description,
      overwrite: args.overwrite,
      subject: args.subject
    }
  );
  
  return {
    content: [{
      type: "text",
      text: `✅ Certificate Authority created: ${caResult.caName}\n\n📁 CA Directory: ${caResult.caDir}\n🔑 CA Certificate: ${caResult.caCertPath}\n\n${caResult.installationInstructions}`
    }]
  };

src/tools/tool-definitions.js:149-183 (schema)

Input schema and tool definition for ssl_create_ca, used for validation and MCP registration.

ssl_create_ca: {
  name: "ssl_create_ca",
  description: "Create a new Certificate Authority for SSL bumping",
  inputSchema: {
    type: "object",
    properties: {
      caName: {
        type: "string",
        description: "Name for the new CA (default: 'default')",
        default: "default"
      },
      description: {
        type: "string",
        description: "Description for the CA"
      },
      overwrite: {
        type: "boolean",
        description: "Overwrite existing CA if it exists",
        default: false
      },
      subject: {
        type: "object",
        description: "Certificate subject information",
        properties: {
          C: { type: "string", description: "Country", default: "US" },
          ST: { type: "string", description: "State", default: "CA" },
          L: { type: "string", description: "Locality", default: "San Francisco" },
          O: { type: "string", description: "Organization", default: "Web Proxy MCP Server" },
          OU: { type: "string", description: "Organizational Unit", default: "Development" },
          CN: { type: "string", description: "Common Name" }
        }
      }
    }
  }
},

src/ssl/ssl-manager.js:49-96 (helper)

Core SSLManager.createCA method that implements CA creation using OpenSSL, generates keys, certificates, configs, and provides installation instructions.

async createCA(caName = null, options = {}) {
  if (caName) {
    this.currentCA = caName;
    this.caDir = path.join(this.caBaseDir, this.currentCA);
  }

  await this._ensureDirectories();

  const caExists = await this._checkCAExists();
  if (caExists && !options.overwrite) {
    throw new Error(`CA '${this.currentCA}' already exists. Use overwrite option to recreate.`);
  }

  console.log(`🔧 Creating new Certificate Authority: ${this.currentCA}`);

  // Generate CA configuration
  const caConfig = this._generateCAConfig(options);
  const caConfigPath = path.join(this.caDir, 'ca.conf');
  await fs.writeFile(caConfigPath, caConfig);

  // Generate CA private key
  const caKeyPath = path.join(this.caDir, 'ca.key');
  const keyGenCmd = `openssl genrsa -out "${caKeyPath}" 4096`;
  this._executeSSLCommand(keyGenCmd);

  // Generate CA certificate
  const caCertPath = path.join(this.caDir, 'ca.crt');
  const certGenCmd = `openssl req -new -x509 -key "${caKeyPath}" -out "${caCertPath}" -days 3650 -config "${caConfigPath}"`;
  this._executeSSLCommand(certGenCmd);

  // Create certificate database
  await this._initializeCertDB();

  // Save CA metadata
  await this._saveCAMetadata(options);

  console.log(`✅ Certificate Authority '${this.currentCA}' created successfully`);
  console.log(`📁 CA Directory: ${this.caDir}`);
  console.log(`🔑 CA Certificate: ${caCertPath}`);
  
  return {
    caName: this.currentCA,
    caDir: this.caDir,
    caCertPath,
    caKeyPath,
    installationInstructions: this._getInstallationInstructions(caCertPath)
  };
}

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries full burden for behavioral disclosure. It states 'Create' which implies a write/mutation operation, but doesn't disclose critical behaviors: whether this requires admin permissions, if it's irreversible, what happens on failure, or if it affects existing SSL configurations. For a security-critical tool with zero annotation coverage, this is a significant gap in transparency.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, clear sentence that states exactly what the tool does without unnecessary words. It's front-loaded with the core action and purpose, making it immediately understandable. Every word earns its place in this concise formulation.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a security tool that creates Certificate Authorities (a significant operation with potential system-wide impact), the description is insufficient. No annotations exist to provide safety context, no output schema documents what gets returned, and the description doesn't explain the consequences of creating a CA or how it integrates with the broader SSL/proxy system. Given the complexity and security implications, this should provide more complete context.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so parameters are well-documented in the schema itself. The description doesn't add any parameter-specific information beyond what's in the schema descriptions. This meets the baseline expectation when schema coverage is complete, but doesn't provide additional context about parameter relationships or usage patterns.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Create') and resource ('Certificate Authority for SSL bumping'), making the purpose immediately understandable. However, it doesn't differentiate this tool from sibling SSL tools like 'ssl_generate_certificate' or 'ssl_list_cas', which would require more specific context about when to create a CA versus other SSL operations.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance is provided on when to use this tool versus alternatives. The description doesn't mention prerequisites, when SSL bumping requires a CA, or how this relates to sibling tools like 'ssl_generate_certificate' (which might depend on an existing CA). Without this context, an agent might struggle to choose between related SSL operations.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/mako10k/mcp-web-proxy'

If you have feedback or need assistance with the MCP directory API, please join our Discord server