To capture and analyze HTTPS traffic, OWASP ZAP (Zed Attack Proxy) must function as a proxy. Because browsers do not inherently trust the certificates ZAP generates for these encrypted sites, you must manually download and install the ZAP Root CA certificate. How to Download the OWASP ZAP Root CA Certificate
Alternatively, if ZAP is already running as a proxy, you can download the certificate by visiting http://zap/ in your browser and clicking the link. owasp zap root ca.cert download
: If no certificate is visible, click Generate . Click Save (or Export ) to download the .cer file to your computer. To capture and analyze HTTPS traffic, OWASP ZAP
In newer versions (v2.10+), look for > Server Certificates . In older versions, look for Dynamic SSL Certificate . : If no certificate is visible, click Generate
Unlike standard software downloads, the ZAP Root CA certificate is unique to your local installation and is generated the first time you run the tool. You can download or export it directly from the ZAP interface:
: Launch OWASP ZAP and navigate to Tools > Options . Locate Certificate Settings :