I’ve made changes to the latest versions of Fiddler to improve the performance of certificate creation, and to avoid problems with new certificate validation logic coming to Chrome and Firefox. The biggest of the Fiddler changes is that CertEnroll is now the default certificate generator on Windows 7 and later.
Unfortunately, this change can cause problems for users who have previously trusted the Fiddler root certificate; the browser may show an error message like NET::ERR_CERT_AUTHORITY_INVALID or The certificate was not issued by a trusted certificate authority.
Please perform the following steps to recreate the Fiddler root certificate:
Fiddler 4.6.1.5+
- Click Tools > Fiddler Options.
- Click the HTTPS tab.
- Ensure that the text says Certificates generated by CertEnroll engine.
- Click Actions > Reset Certificates. This may take a minute.
- Accept all prompts
Fiddler 4.6.1.4 and earlier
- Click Tools > Fiddler Options.
- Click the HTTPS tab
- Uncheck the Decrypt HTTPS traffic checkbox
- Click the Remove Interception Certificates button. This may take a minute.
- Accept all of the prompts that appear (e.g. Do you want to delete these certificates, etc)
- (Optional) Click the Fiddler.DefaultCertificateProvider link and verify that the dropdown is set to CertEnroll
- Exit and restart Fiddler
- Click Tools > Fiddler Options.
- Click the HTTPS tab
- Re-check the Decrypt HTTPS traffic checkbox
- Accept all of the prompts that appear (e.g. Do you want to trust this root certificate)
If you are using Fiddler to capture secure traffic from a mobile device or Firefox, you will need to remove the old Fiddler root certificate from that device (or Firefox) and install the newly-generated Fiddler certificate.
I apologize for the inconvenience, but I believe that the new certificate generator will help ensure smooth debugging with current and future clients.
-Eric Lawrence
Thanks for this detail information. My firefox version is Firefox ESR 38.4.0 and it works perfectly with Fiddler application.
But when I tried the demo application of FiddlerCore (http://www.telerik.com/fiddler…, it works with all browser except firefox. I also added on the code the following line on 267..
FiddlerApplication.Prefs.SetBoolPref(“fiddler.certmaker.PreferCertEnroll”, true);
But no luck. I always get like the attached file. Can you please give me link of any demo applicatoin of FiddlerCore that works with Firefox.
You need to configure Firefox to trust FiddlerCore’s root certificate. Visit http://localhost:8877/ in that browser and click the link to download the FiddlerRoot.cer file. Then configure that root to be trusted to identify servers.
http://www.telerik.com/sfimages/default-source/blogs/22windows-live-writer-configuring-firefox_990c-image_24-png-png
Many thanks for the answer. Works perfectly. Only fact is, I have to trust the certificate every time, I build the application.
“I have to trust the certificate every time, I build the application.”
That generally isn’t the case, except that you’re using the CertMaker.dll/BCMakeCert.dll extension for generating certificates instead of using the built-in CertEnroll generator. (If you want to use that, simply remove the CertMaker.dll & BCMakeCert.dll from your app’s folder.
If you want to use the extension, see http://weblog.west-wind.com/posts/2014/Jul/29/Using-FiddlerCore-to-capture-HTTP-Requests-with-NET#Gotcha:FiddlerCoreCertificatesdon’tstickbyDefault for information on how to cache the root certificate.
Thanks a lot. This fixed the problem after an upgrade to 4.6.2 where it was not properly decrypting the traffic. I was only getting information about my certificate and the sites certificate (not the payload)
Is there a command line (using MakeCert.exe that does the same action?
Same action as what, exactly?
Makecert makes certificates. It does not otherwise manipulate certificate stores.
Can you elaborate on what you’re trying to achieve and why?
You are right, I got that wrong…
I’ve managed to solve the problem by installing the fiddler certificate on a new machine