Write by mane. Reproduction is not allowed (禁止轉載) !!! Introduction Some web servers NEED to verify the HTTPS certificate to allow access to the service, In pentester, if you get the ca.key file, you can self-signed to access the https service, because you can download ca.crt which include public key in HTTPS server. Private key is not allowed to be leaked, attacker can use this private key to generate new self-signed certificate and sign it in firefox, the firefox need to import PKCS#12 certificate. In general, to generate PKCS#12 to firefox, you need to obtain two files whose ca.ket and ca.crt . A Private Key Here have a example, Assuming you have obtained a ca.key file. $cat ca.key -----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDPczpU3s4Pmwdb 7MJsi//m8mm5rEkXcDmratVAk2pTWwWxudo/FFsWAC1zyFV4w2KLacIU7w8Yaz0/ 2m+jLx7wNH2SwFBjJeo5lnz+ux3HB+NhWC/5rdRsk07h71J3dvwYv7hcjPNKLcRl uXt2Ww6GXj4oHhwziE2ETkHgrxQp7jB8pL96SDIJFNEQ1Wqp3eLNnPPbfbLLMW8M YQ4UlXO