Fiddler 4 Certificate error on Windows

8

I am using Fiddler to monitor HTTPS traffic for our private project. After upgrading to Windows 10 and installing Fiddler, I am unable to create a root certificate. I tried using Both CertEnroll and MakeCert and both returned that they cannot create a root certificate:

09:53:54:2275 Fiddler.CertMaker> [C:\Program Files (x86)\Fiddler2\MakeCert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha256 -m 132 -b 01/07/2015 ] Returned Error: Creation of the interception certificate failed.

makecert.exe returned -1.

Results from C:\Program Files (x86)\Fiddler2\MakeCert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha256 -m 132 -b 01/07/2015

Error: Can't create the key of the subject ('JoeSoft') Failed

AND

09:43:37:0332 /Fiddler.CertMaker> Invoking CertEnroll for Subject: CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com; Thread's ApartmentState: MTA 09:43:39:0853 !ERROR: Failed to generate Certificate using CertEnroll. System.Reflection.TargetInvocationException Exception has been thrown by the target of an invocation. < CertEnroll::CX509PrivateKey::Create: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation. 0x80090345 (-2146892987 SEC_E_DELEGATION_REQUIRED)

Every time when changing the service I Reset All Certificates and/or Removed Interception Certificates. Also the key in AppData/Roaming/Microsoft/Crypt/RSA/{LONG_ID} is nowhere to be found (the folder is always empty). After browsing through forums, I followed some instructions and downloaded the Bouncy Castle Certificate Maker (the one suggested for Android) and that one created 2 root certificates and added them to Windows so they will be trusted. After doing so, all my HTTPS traffic looked like HTTP with tunneling. When looking into that issue, I found that in Text view it said

"This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. Fiddler's HTTPS Decryption feature is enabled, but this specific tunnel was configured not to be decrypted. Settings can be found inside Tools > Fiddler Options > HTTPS."

AND the logger returned a few of the following:

"10:02:38:5419 !Certificate cache didn't find certificate for [server.com]. Returning null to thread #30. ___ 10:02:38:5419 fiddler.https> Failed to obtain certificate for server.com due to Certificate Maker returned null when asked for a certificate for server.com"

"Failed to create certificate for server.com: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation."

In the properties of a tunneling connection, I found

"X-HTTPS-DECRYPTION-ERROR: Could not find or generate interception certificate."

Do you have any solutions for me? I'd really appreciate it. Thank you! :)

windows
https
fiddler

3 Answers

11

Well, it seems that in the end it was a Windows Issue. My PC is part of the company Domain and even though my user was an Administrator of this PC, not everything was fully functional (for example I could run as Administrator any app with no problem, but couldn't create a Root Certificate). The issue was found by my colleague in the Windows Credentials Manager and he fixed it with the following Registration Entry (.reg):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
"ProtectionPolicy"=dword:00000001

I hope this helps someone avoid hours of searching on the internet for a fix.

answered on Stack Overflow Jan 11, 2016 by Sebastian Luke
2

Reset All Cerificates

You need to reset Fiddler Root Certificate , After that everything will be fine

answered on Stack Overflow Aug 5, 2016 by Raaghu
1

It is a Windows issue: my company has just released an update to its version of Windows10 and I started seeing the certificate errors described above. Editing the registry was the only think that made Fiddler and website navigation work again

answered on Stack Overflow May 5, 2017 by krazyk4tlady

User contributions licensed under CC BY-SA 3.0