配置 Mihomo 中的自签名证书 (避免跳过证书验证) [Configuring Self-Signed Certificates in Mihomo (Avoiding skip-cert-verify:)]

[SanujaNS]

大家好，mihomo社区：

我发帖咨询关于配置 mihomo 使用自签名证书的可能性，类似于在 sing-box 中的做法。在 sing-box 中，我们可以在 tls 设置下指定 certificate 和 certificate_path 来提供我们自己的证书，并避免使用 skip-cert-verify:。 这允许我们安全地连接到使用自签名证书的服务器，而不会通过跳过验证来降低安全性。

以下是在 sing-box 中如何配置的示例：

{
  certificate: "",
  certificate_path: ""
}

我想了解 mihomo 是否支持类似的配置方法。具体来说：

1. 是否可以配置 mihomo 通过提供证书和私钥文件来使用自签名证书？
2. 如果可以，应该如何配置？ 配置选项是什么，应该放在 mihomo 配置文件中的哪个位置？

提供一种正确配置自签名证书的方法对于需要安全连接到使用自己证书的服务器的用户来说将非常有用，而无需采用跳过证书验证的方式。

感谢您的时间和帮助！

请注意： 以上中文版本是由英文版本翻译而来，可能存在细微的语言差异，但已尽力确保技术含义的准确性。 ( Please note: The above Chinese version was translated from the English version. There might be minor linguistic differences, but I have tried my best to ensure the accuracy of the technical meaning.)

---

Hello mihomo community,

I am writing to inquire about the possibility of configuring mihomo to use self-signed certificates, similar to how it's done in sing-box. In sing-box, we can specify the certificate or certificate_path under the tls section to provide our own certificates and avoid using "insecure" (skip-cert-verify:). This allows us to securely connect to servers using self-signed certificates without compromising security by skipping verification.

Here is an example of how it's done in sing-box:

{
  certificate: "",
  certificate_path: ""
}

I would like to know if mihomo supports a similar configuration method. Specifically:

1. Is it possible to configure mihomo to use self-signed certificates by providing the certificate and private key files?
2. If yes, how can this be configured? What are the configuration options and where should they be placed in the mihomo configuration file?

Providing a way to properly configure self-signed certificates would be very helpful for users who need to connect to servers using their own certificates in a secure manner, without resorting to skipping certificate verification.

Thank you for your time and assistance!

[hwpplzdurrt]

Another document: https://github.com/MetaCubeX/mihomo/blob/Alpha/docs/config.yaml

[SanujaNS]

Thank you for your response. I reviewed the configuration file, but unfortunately, it didn't provide the answers I require. I was hoping a contributor might be able to offer some insight.

[Plutonium141]

可以试试tls.custom-certifactes:
相关提交f565edd

[SanujaNS]

It worked. Thank you. I tried it before but didn't work. Maybe new update fixed it. Thanks again for taking time to answer.
(成功了。谢谢。我之前试过，但没用。也许新更新修复了这个问题。再次感谢您抽出时间回答。)

[xishang0128]

https://wiki.metacubex.one/config/proxies/tls/#fingerprint

ca/ca-str only for quic protocol

[SanujaNS]

Thank you for taking time to answer.