29 Dec 2021, updated: 10 Aug 2022
To comply with Apple’s rules regarding MacOS certificate expiry dates, Charles’ root certificates have much shorter expiry dates (read article here). This change came into effect on September 1 2020.
From version 4.6 of Charles onwards, new root certs will have a 1 year expiry, instead of the previous 50 year expiry date.
Check if Charles root cert has expired
- On your Mac, open the Keychain application and search for “Charles Proxy”
- Look for the “Not Valid After” date on the certificate
- If it has expired, you will need to replace it
Solution 1
Reset certificate
- Open Charles -> Help -> SSL Proxying -> Reset Charles Root Certificate…
- Now follow the on screen instructions
- Once complete, please restart Charles
Replace root certificate on iOS device
- To remove the certificate, go to Settings -> General -> Profiles -> tap the Charles root certificate-> tap on “Remove”
- To install a new certificate, go to http://chls.pro/ssl and install (and trust!) it
- If you’ve forgotten/not familiar with the install process, follow instructions here
Replace root certificate on Android device
- To remove the certificate, go to Settings -> Security -> Encryption & credentials -> Trusted credentials -> User -> tap on the Charles root cert (it’s called “XK72 Ltd”) -> tap “Remove
- To install a new certificate, go to http://chls.pro/ssl and install (and trust!) it
- If you’ve forgotten/not familiar with the install process, follow the relevant article below
Solution 2
Delete root certificate (on your computer)
- From the Keychain application, right-click the Charles Root certificate
- Select delete and follow the on screen instructions
Install a new root certificate
- Open Charles -> Help -> SSL Proxying -> Install Charles Root Certificate
- This should now open “Keychain Access” on your Mac. Follow the on screen instruction
- Once complete, please restart Charles
Replace root certificate on iOS device
- To remove the certificate, go to Settings -> General -> Profiles -> tap the Charles root certificate-> tap on “Remove”
- To install a new certificate, go to http://chls.pro/ssl and install (and trust!) it
- If you’ve forgotten/not familiar with the install process, follow instructions here
Replace root certificate on Android device
- To remove the certificate, go to Settings -> Security -> Encryption & credentials -> Trusted credentials -> User -> tap on the Charles root cert (it’s called “XK72 Ltd”) -> tap “Remove
- To install a new certificate, go to http://chls.pro/ssl and install (and trust!) it
- If you’ve forgotten/not familiar with the install process, follow the relevant article below
Solution 3
Another possible solution would be to install Charles 4.5.6 along side your existing version of Charles i.e. the version before the 1 year expiry date change. You can download the installation file from https://www.charlesproxy.com/assets/release/4.5.6/charles-proxy-4.5.6.dmg
Solution 4
If none of above solutions work, please add a comment below. Include:
- your version of Charles
- the type of machine you are using (Windows or Mac)
Feel free to email me (charlesdocsy@gmail.com) screenshots, videos, etc. and any other details you feel are helpful. I will respond (I would also like a solution to this problem!)
I tweeted the guy who runs Charles Proxy and asked him to investigate. If anyone has a solution to this problem, please add a comment and I will update this page
Charles Docs-y 
Hi – I have recently encountered this issue, but I test on iOS and Android, using a PC, not a mac. One cert on my iOS device expired – and the new cert I downloaded had the same expiry date as the old one. I attempted to load the cert from my PC, which works fine with my Android device, but on iOS it will not pass data (all calls are “unknown”). Have you seen anything similar? If so, do you know of a resolution?
LikeLike
Have you trusted the newly installed cert on iOS?
LikeLike
I have the same problem and it’s valid with trusted cert as well
LikeLike
Can you email me some screenshots (or a screen recording) and I’ll have a look? charlesdocsy@gmail.com
LikeLike
yes
LikeLike
Facing same issue guys.. Have installed the new Charles certificate after uninstalling the previous one but the new one downloaded also shows the expired certificate.. (It has old expiry date)
LikeLike
Have you replaced the root certificate on your laptop (I think that might be the problem)? The root cert you install on your device is just a copy of the laptop root cert. Can you give that a try and see if it fixes the issue?
LikeLike
Hello,
My Charles certificate expired. I followed the steps mentioned in this page
After delete and reinstalling certificate, i am seeing the old expired certificate only getting installed.
Screen recording is available at below link
https://drive.google.com/file/d/1QB395z5fyiaMu5x-aXhnpwA49nCOaIA_/view?usp=sharing
Could you please help me what needs to be done?
LikeLike
I was using Charles V3. I did the following as a workaround. It worked.
. Deleted Charles V 3
. Installed Charles V 4
. Reset Charles Certificate
. Delete Charles V 4
. Install Charles V 3
. Install Root Certificate. This installed a valid certificate. But the expiry is set to 1 year.
LikeLike
I tried this method Siva, but it did not work for me. It still tries to install an expired certificate.
LikeLike
I have the same problem as others in this thread. I have reset the Charles Root Certificate and, despite that, when I use the “Install Charles Root Certificate” option, I see a certificate appear in Keychain Access which has an expiry date of the previous day. I am encountering this problem with Charles version 4.6.2 on macOS 12.2.1.
LikeLike