New Transparent capture is in preview. Record every app's traffic with no proxy configuration, on Windows, macOS and Linux. Learn more

mountCertificateAuthorityAction Action

Expose the Fluxzy root certificate authority over a simple HTTP endpoint so devices and teammates can install it without copying files around.

Trusting the Fluxzy root certificate is the single biggest friction point when onboarding a new device to the proxy. Rather than emailing PEM files or asking testers to scp them across machines, you can publish the certificate over a regular HTTP request. The mountCertificateAuthorityAction short circuits the request pipeline and returns the CA, ready to be installed straight from the device that needs it.

When to use this action

Pick mountCertificateAuthorityAction when you need to hand the Fluxzy root certificate to a device or user without giving them shell access to the proxy host. Fluxzy replies with the certificate body directly, so a phone, a tablet, or a lab VM can fetch it through the proxy connection.

Common situations:

  • Onboarding mobile devices that cannot easily download a file from a desktop.
  • Bootstrapping disposable CI runners or containers that need to trust the Fluxzy CA before tests run.
  • Sharing the certificate with non technical testers via a memorable URL like http://fluxzy.ca/ or http://ca.local/.

Pair it with a hostFilter so the rule only triggers on the special hostname you reserve for certificate downloads.

Real world examples

Serve the CA on a dedicated hostname

Reserve a clear, memorable hostname for the download. A device pointed at the proxy can browse to that URL and install the certificate in two taps.

rules:
- filter:
    typeKind: HostFilter
    pattern: fluxzy.ca
  actions:
  - typeKind: MountCertificateAuthorityAction

Provide the CA only over plain HTTP for first time setup

Before a device trusts Fluxzy, HTTPS interception will fail. Restrict the action to plain HTTP so the certificate can be retrieved during initial enrollment.

rules:
- filter:
    typeKind: FilterCollection
    operation: And
    children:
    - typeKind: HostFilter
      pattern: ca.local
    - typeKind: IsSecureFilter
      inverted: true
  actions:
  - typeKind: MountCertificateAuthorityAction

Reference

mountCertificateAuthorityAction

Description

Reply with the default root certificate used by fluxzy

Evaluation scope

Evaluation scope defines the timing where this filter will be applied.

dnsSolveDone This scope occurs the moment fluxzy ends solving the DNS of the remote host

YAML configuration name

mountCertificateAuthorityAction

Settings

This action has no specific characteristic

Example of usage

The following examples apply this action to any exchanges

Reply with the default root certificate used by fluxzy.

rules:
- filter:
    typeKind: AnyFilter
  actions:
  - typeKind: MountCertificateAuthorityAction

.NET reference

View definition of MountCertificateAuthorityAction for .NET integration.

See also

The following actions are related to this action:

Frequently asked questions

Does the device still need to mark the certificate as trusted?

Yes. The action only delivers the certificate file. The user or the device management system must explicitly add it to the trust store, which on iOS also requires enabling full trust under Settings, General, About, Certificate Trust Settings.

Is the response a PEM or a DER file?

Fluxzy serves the certificate in a format browsers and mobile installers can consume directly. If you need a specific format, regenerate the CA with the Fluxzy CLI and host it on your own static server using serveDirectoryAction.

Should this rule stay enabled in production captures?

No. Once devices are enrolled, remove or scope down the rule so the CA endpoint is not reachable by anything else passing through the proxy.

Learn more about Fluxzy rules

Rule file syntax reference Importing YAML rules into Fluxzy Desktop Using rule files with Fluxzy CLI
Browse all directives