Reset Fiddler’s HTTPS certificates

I’ve made changes to the latest versions of Fiddler to improve the performance of certificate creation, and to avoid problems with new certificate validation logic coming to Chrome and Firefox. The biggest of the Fiddler changes is that CertEnroll is now the default certificate generator on Windows 7 and later.

Unfortunately, this change can cause problems for users who have previously trusted the Fiddler root certificate; the browser may show an error message like NET::ERR_CERT_AUTHORITY_INVALID or The certificate was not issued by a trusted certificate authority.

Please perform the following steps to recreate the Fiddler root certificate:

Fiddler 4.6.1.5+

  1. Click Tools > Fiddler Options.
  2. Click the HTTPS tab.
  3. Ensure that the text says Certificates generated by CertEnroll engine.
  4. Click Actions > Reset Certificates. This may take a minute.
  5. Accept all prompts

Fiddler 4.6.1.4 and earlier

  1. Click Tools > Fiddler Options.
  2. Click the HTTPS tab
  3. Uncheck the Decrypt HTTPS traffic checkbox
  4. Click the Remove Interception Certificates button. This may take a minute.
  5. Accept all of the prompts that appear (e.g. Do you want to delete these certificates, etc)
  6. (Optional) Click the Fiddler.DefaultCertificateProvider link and verify that the dropdown is set to CertEnroll
  7. Exit and restart Fiddler
  8. Click Tools > Fiddler Options.
  9. Click the HTTPS tab
  10. Re-check the Decrypt HTTPS traffic checkbox
  11. Accept all of the prompts that appear (e.g. Do you want to trust this root certificate)

image

If you are using Fiddler to capture secure traffic from a mobile device or Firefox, you will need to remove the old Fiddler root certificate from that device (or Firefox) and install the newly-generated Fiddler certificate.

I apologize for the inconvenience, but I believe that the new certificate generator will help ensure smooth debugging with current and future clients.

-Eric Lawrence

Reset Fiddler’s HTTPS certificates

8 thoughts on “Reset Fiddler’s HTTPS certificates

  1. Thanks for this detail information. My firefox version is Firefox ESR 38.4.0 and it works perfectly with Fiddler application.
    But when I tried the demo application of FiddlerCore (http://www.telerik.com/fiddler…, it works with all browser except firefox. I also added on the code the following line on 267..

    FiddlerApplication.Prefs.SetBoolPref(“fiddler.certmaker.PreferCertEnroll”, true);

    But no luck. I always get like the attached file. Can you please give me link of any demo applicatoin of FiddlerCore that works with Firefox.

    Like

    1. “I have to trust the certificate every time, I build the application.”

      That generally isn’t the case, except that you’re using the CertMaker.dll/BCMakeCert.dll extension for generating certificates instead of using the built-in CertEnroll generator. (If you want to use that, simply remove the CertMaker.dll & BCMakeCert.dll from your app’s folder.

      If you want to use the extension, see http://weblog.west-wind.com/posts/2014/Jul/29/Using-FiddlerCore-to-capture-HTTP-Requests-with-NET#Gotcha:FiddlerCoreCertificatesdon’tstickbyDefault for information on how to cache the root certificate.

      Like

  2. RUSSELL GANTMAN says:

    Thanks a lot. This fixed the problem after an upgrade to 4.6.2 where it was not properly decrypting the traffic. I was only getting information about my certificate and the sites certificate (not the payload)

    Like

    1. Same action as what, exactly?

      Makecert makes certificates. It does not otherwise manipulate certificate stores.

      Can you elaborate on what you’re trying to achieve and why?

      Like

      1. DF says:

        You are right, I got that wrong…
        I’ve managed to solve the problem by installing the fiddler certificate on a new machine

        Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s