Expired Charles Proxy Root Certificate

Charles DocsyDecember 29, 2021September 29, 2023Android

Originally published 29 Dec 2021, updated: 29 Sept 2023

To comply with Apple’s rules regarding MacOS certificate expiry dates, Charles’ root certificates have much shorter expiry dates (read article here). This change came into effect on September 1 2020.

From version 4.6 of Charles onwards, new root certs will have a 1-year expiry, instead of the previous 50-year expiry date.

Check if Charles root cert has expired

On your Mac, open the Keychain application and search for “Charles Proxy”
Look for the “Not Valid After” date on the certificate
If it has expired, you will need to replace it

Solution 1

Reset certificate

Open Charles -> Help -> SSL Proxying -> Reset Charles Root Certificate…
Now follow the on-screen instructions
Once complete, please restart Charles

Replace root certificate on iOS device

To remove the certificate, go to Settings -> General -> Profiles -> tap the Charles root certificate-> tap on “Remove”
To install a new certificate, go to http://chls.pro/ssl and install (and trust!) it
- If you’ve forgotten/not familiar with the install process, follow instructions here

Replace root certificate on Android device

To remove the certificate, go to Settings -> Security -> Encryption & credentials -> Trusted credentials -> User -> tap on the Charles root cert (it’s called “XK72 Ltd”) -> tap “Remove
To install a new certificate, go to http://chls.pro/ssl and install it
- If you’ve forgotten/not familiar with the install process, follow the relevant article below
  - Android 11 (and newer)
  - Older Android versions

Solution 2

Delete root certificate (on your computer)

From the Keychain application, right-click the Charles Root certificate
Select delete and follow the on-screen instructions

Install a new root certificate

Open Charles -> Help -> SSL Proxying -> Install Charles Root Certificate
This should now open “Keychain Access” on your Mac. Follow the on-screen instruction
Once complete, please restart Charles

Replace root certificate on iOS device

To remove the certificate, go to Settings -> General -> Profiles -> tap the Charles root certificate-> tap on “Remove”
To install a new certificate, go to http://chls.pro/ssl and install (and trust!) it
- If you’ve forgotten/not familiar with the install process, follow instructions here

Replace root certificate on Android device

To remove the certificate, go to Settings -> Security -> Encryption & credentials -> Trusted credentials -> User -> tap on the Charles root cert (it’s called “XK72 Ltd”) -> tap “Remove
To install a new certificate, go to http://chls.pro/ssl and install it
- If you’ve forgotten/not familiar with the install process, follow the relevant article below
  - Android 11 (and newer)
  - Older Android versions

Solution 3

Another possible solution would be to install Charles 4.5.6 alongside your existing version of Charles i.e. the version before the 1 year expiry date change. You can download the installation file from https://www.charlesproxy.com/assets/release/4.5.6/charles-proxy-4.5.6.dmg

Solution 4

If none of the above solutions work, please add a comment below. Include:

your version of Charles
the type of machine you are using (Windows or Mac)

Feel free to email me (charlesdocsy@gmail.com) screenshots, videos, etc. and any other details you feel are helpful. I will respond (I would also like a solution to this problem!)

I tweeted the guy who runs Charles Proxy and asked him to investigate. If anyone has a solution to this problem, please add a comment and I will update this page

14 thoughts on “Expired Charles Proxy Root Certificate”

SCT says:

February 11, 2022 at 8:19 am

Hi – I have recently encountered this issue, but I test on iOS and Android, using a PC, not a mac. One cert on my iOS device expired – and the new cert I downloaded had the same expiry date as the old one. I attempted to load the cert from my PC, which works fine with my Android device, but on iOS it will not pass data (all calls are “unknown”). Have you seen anything similar? If so, do you know of a resolution?

LikeLike

Reply
1. Charles Docsy says:
  
  February 11, 2022 at 10:49 am
  
  Have you trusted the newly installed cert on iOS?
  
  LikeLike
  
  Reply
  1. Edgar says:
    
    February 16, 2022 at 8:28 pm
    
    I have the same problem and it’s valid with trusted cert as well
    
    LikeLike
  2. Charles Docsy says:
    
    February 16, 2022 at 8:46 pm
    
    Can you email me some screenshots (or a screen recording) and I’ll have a look? charlesdocsy@gmail.com
    
    LikeLike
  3. Sherry says:
    
    March 4, 2022 at 6:49 am
    
    yes
    
    LikeLike
kitty says:

February 18, 2022 at 7:14 pm

Facing same issue guys.. Have installed the new Charles certificate after uninstalling the previous one but the new one downloaded also shows the expired certificate.. (It has old expiry date)

LikeLike

Reply
1. Charles Docsy says:
  
  February 18, 2022 at 9:46 pm
  
  Have you replaced the root certificate on your laptop (I think that might be the problem)? The root cert you install on your device is just a copy of the laptop root cert. Can you give that a try and see if it fixes the issue?
  
  LikeLike
  
  Reply
Siva says:

February 24, 2022 at 1:50 pm

Hello,

My Charles certificate expired. I followed the steps mentioned in this page

After delete and reinstalling certificate, i am seeing the old expired certificate only getting installed.
Screen recording is available at below link

https://drive.google.com/file/d/1QB395z5fyiaMu5x-aXhnpwA49nCOaIA_/view?usp=sharing

Could you please help me what needs to be done?

LikeLike

Reply
1. Siva says:
  
  February 25, 2022 at 3:24 pm
  
  I was using Charles V3. I did the following as a workaround. It worked.
  
  . Deleted Charles V 3
  . Installed Charles V 4
  . Reset Charles Certificate
  . Delete Charles V 4
  . Install Charles V 3
  . Install Root Certificate. This installed a valid certificate. But the expiry is set to 1 year.
  
  LikeLike
  
  Reply
Benny Lindberg says:

February 25, 2022 at 9:10 pm

I tried this method Siva, but it did not work for me. It still tries to install an expired certificate.

LikeLike

Reply
Adil Hussain (@adil_hussain_84) says:

March 4, 2022 at 12:42 am

I have the same problem as others in this thread. I have reset the Charles Root Certificate and, despite that, when I use the “Install Charles Root Certificate” option, I see a certificate appear in Keychain Access which has an expiry date of the previous day. I am encountering this problem with Charles version 4.6.2 on macOS 12.2.1.

LikeLike

Reply
Hritik Jaiswal says:

September 14, 2023 at 6:05 am

I’m also facing a similar issue that others are facing in Charles version 4.6.4 and MacOS Ventura 13.1.

I have tried to delete the previously installed certificate from Keychain and tried to install the new one from the latest version of Charles, but still no luck. The certificate that was installed with the latest Charles is expired and the expired certificate is not visible on the keychain.

To see you have to go to Keychain -> View -> Show Expired Certificate. Now the Charles expired certificate is visible on the Keychain but it is of no use.

LikeLike

Reply
1. Charles Docsy says:
  
  September 14, 2023 at 9:55 am
  
  I would suggest you go with “Solution 3” i.e. downgrade to version 4.5.6 (this is the version I personally use). If you downgrade, first make sure you export all your settings (Tools -> Import/export settings -> click “Export” tab -> click “Export” button).
  
  LikeLike
  
  Reply
  1. Hritik Jaiswal says:
    
    September 14, 2023 at 3:43 pm
    
    Hey, the problem is resolved. Resetting the certificate worked out for me.
    
    Another problem that I encountered was that I was not able to access any websites when Charles Proxy was opened
    
    This gets resolved by the below steps -> Go to Tools -> Allow List and make sure “Enable Allow List” is unchecked.
    
    LikeLike