Completed
Last Updated: 16 May 2025 08:02 by ADMIN
Marin
Created on: 07 Jan 2025 16:13
Type: Feature Request
1
Ability to add the Fiddler RCA to the Local Machine store, not only the Current User store

Perhaps a checkbox in the confirmation dialog "are you sure you want to add the rca to your user" could have a checkbox like 'also add to the Local Machine store".

Applies to Fiddler Everywhere and, more importantly for me, to Fiddler Everywhere Reporter.

In my use case, I need the cert there as well to get traffic from a process that runs as a service.

As things stand, I need to (instruct non-technical end users) to export the cert and manually add it to the Local Machine store and I would rather it were simpler.

 

 

9 comments
Marin
Posted on: 15 May 2025 20:52

Thanks, Nick!

We couldn't find something specific, so at this point I can only hope that I do get this into use with end users and that it JustWorks™️:) If all else fails, i can also document instructions for manual installation of the certificate.

I would say we can mark this feature request as completed, as there is a one-click capability to achieve this in both tools, and if something comes up later, we can perhaps log it separately.

Best,

Marin

ADMIN
Nick Iliev
Posted on: 15 May 2025 08:53

Hi Marin,

 

We will monitor this one and conduct additional test (so far not being able to reproduce the issue within several different environments). Meanwhiloe, let us know if you managed to pinpoint a specific security policy or other reason why that might be happening on your side.

 

Regards,
Nick Iliev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Marin
Posted on: 09 May 2025 15:10

I tried that, didn't help.

Then I deleted everything under

C:\Users\<my user name>\AppData\Local\Temp\FiddlerEverywhereReporter

which had the funny effect that now a certificate is added to both stores (user and machine) when i use the menu.

The problem is that it does not work, it is likely broken somehow, because the CONNECT request does not manage to connect and get a response, and even more interestingly - this happens to both stores (user and machine).

The netcore.log has this line for each connect attempt

[2025-05-09 17:59:37:941] [Error] [Fiddler] !SecureClientPipeDirect failed: System.IO.IOException Received an unexpected EOF or 0 bytes from the transport stream. for pipe (CN=*.<the actual CN of the real server>, O=Progress Telerik Fiddler, OU=Created by http://www.fiddler2.com)

I tried a colleague's machine and it had the same issue too.

I will also ping my local IT team in case they know what security hardening may eb in place around this, but I can add the cert to the store myself (export it to desktop, double click, ...) so I do have the rights to do it.

--Marin

ADMIN
Nick Iliev
Posted on: 09 May 2025 11:08

Hey Marin,

 

The error in the netcore.log does not seem related to the issue, but just in case, you could try explicitly deleting the file mentioned in the error (specifically C:\Users\<my user name>\AppData\Local\Temp\FiddlerEverywhereReporter\Certificates\RootCertificate.p12) and then retry the CA installation. Still, the issue seems most likely related to having limited privileges to install a certificate in the machine store. We will continue our internal tests and I will update this thread should we have more insights.

Regards,
Nick Iliev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Marin
Posted on: 09 May 2025 10:29

Thanks, Nick, I expected 'run as administrator' to be needed but it didn't help, I tried before putting in the post. I also did try restarting mmc, and fiddler couldn't capture the traffic (it didn't go through even, both symptoms of the cert missing).

There is a chance some security hardening on the system is causing this, I guess.

Do you have some logging in Fiddler I can send you that may help see what happened (e.g., to help at least get a better message - such as that the operation failed - if not a fix)? Or maybe procmon?

There is an exception in the netcore.log from C:\Users\<my user name>\AppData\Roaming\Fiddler Everywhere Reporter\logs

perhaps it is from that operation - I first trusted to the user store (worked). But it likely stems from me having done these before and I am not sure it should/would break the machine store trust operation.

--Marin

Attached Files:
ADMIN
Nick Iliev
Posted on: 09 May 2025 10:05

Hey Marin,

 

Adding the Fiddler CA to the machine store will require Fiddler Reporter to be ran as administrators, but then once the option Certificate > Trust CA Certificate > in the Machine Store is used it won't prompt for a confirmation as it already has administrative privilegies.

On my side the above successfully added the Fiddler CA in the machine store, but I had to restart the MMC on Windows 11 for the certificate to be properly listed.

And then the Fiddler Reporter was able to capture and decrypt HTTPS traffic while using the CA from the machine store

 

Regards,
Nick Iliev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Marin
Posted on: 08 May 2025 15:43

I see that 1.2.0 of Reporter got this feature, love that!

But it does not seem to work. It does not trigger the UAC prompt, it does not trigger the confirmation dialog ("are you sure you want to trust this custom rca") that the command to add to the user store triggers, and it does not add the cert to the machine store, even when Reporter is ran as administrator.

Best,
Marin

Marin
Posted on: 09 Jan 2025 13:21

Thanks Maria, that button is new (to me, I had not noticed that since the last time i trusted the FE cert).

My primary need is for the Reporter, so I clumped those together.

Best,
Marin

ADMIN
Maria
Posted on: 09 Jan 2025 11:53

Hi Marin,

Thank you very much for your feedback!

Currently in Fiddler Everywhere there is an  option to trust the certificate in the machine store on windows. It is available in the Settings window:

But you are correct the option is not exposed in the current version of Fiddler Everywhere Reporter. It makes sense implementing it so I will log an item in our backlog and we will consider it for future releases.

Regards, Maria Endarova Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.