Get Help with HTTPS problems

Sometimes, when you try to load a HTTPS address in Chrome, instead of the expected page, you get a scary warning, like this one: Chrome has found a problem with the security of the connection and has blocked loading the page to protect your information. In a lot of cases, if you’re just surfing around,Continue reading “Get Help with HTTPS problems”

Chrome Deprecates Subject CN Matching

If you’re using a Self-Signed certificate for your HTTPS server, a deprecation coming to Chrome may affect your workflow. Chrome 58 will require [why?] that certificates specify the hostname(s) to which they apply in the SubjectAltName field; values in the Subject field will be ignored. This follows a similar change in Firefox 48. If impacted,Continue reading “Chrome Deprecates Subject CN Matching”

The Trouble with Magic

“Magic” is great… except when it isn’t. Software Design is largely about tradeoffs, and one of the more interesting tradeoffs is between user experience and predictability. This has come up repeatedly throughout my career and in two independent contexts yesterday that I’ll describe in this post. Developer Magic I’m working on a tiny UX changeContinue reading “The Trouble with Magic”

Client Certificates on Android

Recently, this interesting tidbit crossed my Twitter feed: Sure enough, if you visited the site in Chrome, you’d get a baffling prompt. My hometown newspaper shows the same thing: Weird, huh? Client certificates are a way for a browser to supply a certificate to the server to verify the client’s identity (in the typical case,Continue reading “Client Certificates on Android”

Extended Validation Certificates – The Introduction

In 2005, one of my first projects on the Internet Explorer team was improving the user-experience for HTTPS sites (“SSLUX”). Our first task was to change the certificate error experience from the confusing and misleading modal dialog box: … to something that more clearly conveyed the risk and which more clearly discouraged users from acceptingContinue reading “Extended Validation Certificates – The Introduction”

Reset Fiddler’s HTTPS certificates

I’ve made changes to the latest versions of Fiddler to improve the performance of certificate creation, and to avoid problems with new certificate validation logic coming to Chrome and Firefox. The biggest of the Fiddler changes is that CertEnroll is now the default certificate generator on Windows 7 and later. Unfortunately, this change can causeContinue reading “Reset Fiddler’s HTTPS certificates”

Fiddler Certificate Generators

Fiddler and FiddlerCore offer three different choices for generating interception certificates: MakeCert CertEnroll Bouncy Castle If you’re so inclined, you can even write your own certificate generator (say, by wrapping OpenSSL) and expose it to Fiddler using the ICertificateProvider3 interface. On Windows, Fiddler includes the MakeCert and CertEnroll certificate generators by default; you can downloadContinue reading “Fiddler Certificate Generators”