How to Configure Charles Proxy to Monitor Advanced Atom Traffic

Document created by gbockelmann Employee on Sep 30, 2011Last modified by thanh_n88 on Jul 4, 2018
Version 11Show Document
  • View in full screen mode

AtomSphere gives you the ability to track data sent to/from a connector through use of the Test Mode feature. It provides you a simple view of the business content that you want to work with in your Process flow.


When troubleshooting complex issues that require the analysis of the raw messages sent to/from a web application, it is helpful to review the web traffic sent to and from the atom. A proxy tool such as Charles Proxy offers a way for you to track this information during your debugging. The following steps outline how to enable Charles Proxy to see traffic that is being sent securely from a local atom.

Warning: configuring Charles Proxy to work with an atom can affect the atom's internal processing. You should only follow these steps on a local test atom

Setting up Charles Proxy

  1. Download and install Charles Proxy (not the Firefox add-on)
  2. In Charles, go to the Help menu and choose "SSL Proxying" > "Save Charles Root Certificate..."

  3. Save the root certificate (as a .cer) to your desktop (e.g. C:\Users\<<user>>\Desktop\charles-proxy-ssl-proxying-certificate.cer) or somewhere where you can easily access it in the next steps

  4. Determine which JRE the Atom is using by going to: <atom_installation_directory>\.install4j\pref_jre.cfg and seeing what's the entry in the file
    1. If there is no pref_jre.cfg, then look in the inst_jre.cfg located in the same directory
    2. [optional] If you wish to change the JRE that the atom is using, make a copy of the inst_jre.cfg file and renamed the copied file to be pref_jre.cfg
    3. [optional] In the pref_jre.cfg file, change the file path to the JRE home folder you want to use
  5. Find the cacerts file. It should be in your <<JAVA_HOME>>/jre/lib/security/cacerts, where <<JAVA_HOME>> is your java home directory for the JVM. In the example below the java home directory is "C:\Program Files\Java"
  6. Import the Charles Root Certificate
    1. Open the cmd window
    2. Go to the bin folder (via cd) where the keytool command exists, usually in your JAVA_HOME/jre/bin directory
    3. Run the command below but adjusted for your certificate and cacert's location
      keytool -import -alias charles -file "C:\Users\guest_user\Desktop\charles-proxy-ssl-proxying-certificate.cer" -keystore "C:\Program Files\Java\jre8\lib\security\cacerts" -storepass changeit

      Note: The *.cer filename may be different depending on the version of Charles Proxy installed, if that is the case, change the name/path accordingly. The value "changeit" is the default cacerts password. If you have modified it, change it accordingly. If you get a permission denied error when you run the above command, you need to run the command prompt as an administrator and try the import again.

    4. The command prompt should show something similar to the following, if it is successful:

      Trust this certificate?: yes

      Certificate was added to keystore


Setting up the atom

  1. Go to the atom.vmoptions file located at <<atom_installation_directory>>\bin\atom.vmoptions
  2. Add the following lines to the atom.vmoptions:
  3. Save the file and restart the atom
  4. If your atom has a proxy set up in the (located in <<atom_installation_directory>>\conf), you have to remove or comment out the proxy related lines



Configuring Charles Proxy

  1. Start Charles Proxy and go to "Proxy" > "Proxy Settings"
  2. On the "Proxies" tab, set HTTP Proxy port to "8888"
  3. On Windows tab, uncheck "Enable Windows Proxy" and uncheck "Enable Windows Proxy at startup"
  4. Go to the "Proxy" > "SSL Proxying"
  5. Check "Enable SSL Proxying"
  6. Note: You will need to do this every time you want to see traffic to a different endpoint. Add the domains for all the SSL Locations your processes will connect to. If you do not add the domain to this list you will not be able to view the raw request/response data. For more information, read the changes to new Charles Proxy Version for SSL-
  7. To add an new endpoint, click "Add" then enter the top level domain name (e.g. for boomi site add *; for google sites * You can typically leave the port number blank

    Here is an example of common locations as a starting point. You can always add more later:



  8. Make sure browser proxies are turned off
  9. Execute a process on the local atom and if configured properly, the communications will be captured as an entry to the endpoint you configured before
6 people found this helpful