Using public certificate for intercepting proxy

[sshantha22]

Hi,
I am currently running the proxy with the following command:
python3 -m proxy --port 8888 --plugins custom.MyPlugin --ca-cert-file intermediate.cert.pem --ca-key-file intermediate.key.nopass.pem --ca-signing-key ca.key.nopass.pem

and it works great. However, I am using a private CA here and this would require that client applications to update their certificate chain for validation. I am looking to simplify the adoption process here.

So my questions is: Is there support built in already to use a public certificate (not a CA certificate) with *.domain so that the same certificate can be used for all connections and not issue a custom certificate for each url? If yes, is there an example that I can use as reference?

[sshantha22]

The idea here is that if the original endpoint is example.com and if the proxy endpoint is xyz.com, then client will use endpoint example.xyz.com and the proxy will use *.xyz.com as the certificate and will forward requests to example.com after removing xyz from the url. this way, clients are not required to update their certificate chain or open up firewall for other ports.