
Fiddler 4 Certificate error on Windows

I am using Fiddler to monitor HTTPS traffic for our private project. After upgrading to Windows 10 and installing Fiddler, I am unable to create a root certificate. I tried using both CertEnroll and MakeCert, and both returned that they cannot create a root certificate:

09:53:54:2275 Fiddler.CertMaker> [C:\Program Files (x86)\Fiddler2\MakeCert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha256 -m 132 -b 01/07/2015 ] Returned Error: Creation of the interception certificate failed.

makecert.exe returned -1.

Results from C:\Program Files (x86)\Fiddler2\MakeCert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha256 -m 132 -b 01/07/2015

Error: Can't create the key of the subject ('JoeSoft') Failed

AND

09:43:37:0332 /Fiddler.CertMaker> Invoking CertEnroll for Subject: CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com; Thread's ApartmentState: MTA
09:43:39:0853 !ERROR: Failed to generate Certificate using CertEnroll. System.Reflection.TargetInvocationException Exception has been thrown by the target of an invocation. < CertEnroll::CX509PrivateKey::Create: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation. 0x80090345 (-2146892987 SEC_E_DELEGATION_REQUIRED)

Every time when changing the service I Reset All Certificates and/or Removed Interception Certificates. Also the key in AppData/Roaming/Microsoft/Crypt/RSA/{LONG_ID} is nowhere to be found (the folder is always empty). After browsing through forums, I followed some instructions and downloaded the Bouncy Castle Certificate Maker (the one suggested for Android) and that one created 2 root certificates and added them to Windows so they will be trusted. After doing so, all my HTTPS traffic looked like HTTP with tunneling. When looking into that issue, I found that in Text view it said

"This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. Fiddler's HTTPS Decryption feature is enabled, but this specific tunnel was configured not to be decrypted. Settings can be found inside Tools > Fiddler Options > HTTPS."

AND the logger returned a few of the following:

"10:02:38:5419 !Certificate cache didn't find certificate for [server.com]. Returning null to thread #30. ___ 10:02:38:5419 fiddler.https> Failed to obtain certificate for server.com due to Certificate Maker returned null when asked for a certificate for server.com"

"Failed to create certificate for server.com: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation."

In the properties of a tunneling connection, I found

"X-HTTPS-DECRYPTION-ERROR: Could not find or generate interception certificate."

Do you have any solutions for me? I'd really appreciate it. Thank you! :)

Sebastian Luke asked Jan 08 '16 08:01



2 Answers

Well, it seems that in the end it was a Windows Issue. My PC is part of the company Domain and even though my user was an Administrator of this PC, not everything was fully functional (for example I could run as Administrator any app with no problem, but couldn't create a Root Certificate). The issue was found by my colleague in the Windows Credentials Manager and he fixed it with the following Registration Entry (.reg):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
"ProtectionPolicy"=dword:00000001

I hope this helps someone avoid hours of searching on the internet for a fix.

Sebastian Luke answered Oct 09 '22 19:10
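
A read-only audit related to the answer above, added here as an example and not part of the original thread. The ProtectionPolicy value sits under HKLM, so it changes DPAPI behaviour for the whole machine (Microsoft documents the value 1 as enabling local backup of the DPAPI master key instead of requiring a writable domain controller), and the Bouncy Castle attempt in the question left extra interception roots in the trust store. The script reports the current policy value, whether the machine is domain-joined, and every certificate whose subject contains the DO_NOT_TRUST_FiddlerRoot name from the logs. The variable names are this example's own.

```powershell
# Added example: inspects state only, changes nothing.
$policyKey     = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb'
$subjectMarker = 'DO_NOT_TRUST_FiddlerRoot'   # CN taken from the MakeCert/CertEnroll log lines

# 1. DPAPI ProtectionPolicy (the value the .reg entry sets); absent on a default install.
$policy      = Get-ItemProperty -Path $policyKey -Name ProtectionPolicy -ErrorAction SilentlyContinue
$policyValue = if ($policy) { $policy.ProtectionPolicy } else { '(not set)' }

# 2. Domain membership, since the failure in the question only showed up on a domain PC.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem

[pscustomobject]@{
    ProtectionPolicy = $policyValue
    DomainJoined     = $cs.PartOfDomain
    Domain           = $cs.Domain
} | Format-List

# 3. Fiddler interception roots in the personal and trusted-root stores.
$stores = 'Cert:\CurrentUser\My', 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'
$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like "*$subjectMarker*" } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Thumbprint    = $_.Thumbprint
                NotBefore     = $_.NotBefore
                NotAfter      = $_.NotAfter
                HasPrivateKey = $_.HasPrivateKey
                SignatureAlg  = $_.SignatureAlgorithm.FriendlyName
            }
        }
}

if ($found) {
    $found | Sort-Object Store, NotBefore | Format-Table -AutoSize
    # More than one trusted root with this subject usually means leftovers from
    # earlier attempts (for example after switching certificate makers).
    $trusted = @($found | Where-Object { $_.Store -like '*\Root' })
    if ($trusted.Count -gt 1) {
        Write-Warning "$($trusted.Count) trusted roots match '$subjectMarker'; remove the ones Fiddler no longer uses."
    }
} else {
    Write-Output "No certificate with subject '$subjectMarker' found in the checked stores."
}
```

Run it before and after applying the registry entry so the change to ProtectionPolicy is recorded, and again after Fiddler's certificate reset to confirm that only one interception root remains trusted.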


Reset All Certificates

You need to reset the Fiddler Root Certificate. After that everything will be fine.

Raaghu answered Oct 09 '22 19:10