Unable to install certificate for decrypting HTTPS traffic

Progress® Telerik® Fiddler™ Classic Feedback Portal

Create an account Log In

Back to Feed

Request a Feature Report a Bug

Under Review

Last Updated: 22 Nov 2016 06:00 by Eric

Imported User

Created on: 18 Nov 2016 21:44

Type: Feature Request

Unable to install certificate for decrypting HTTPS traffic

When enabling HTTPS decryption I click on the Yes button of the "Trust the Fiddler Root certificate" dialog but get an error saying "Unable to configure Windows to Trust the Fiddler Root certificate". The log window has:

-= Fiddler Event Log =-
See http://fiddler2.com/r/?FiddlerLog for details.

07:37:58:8472 Fiddler Running...
07:37:58:9953 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
07:37:58:9963 Assembly 'C:\Program Files (x86)\Fiddler2\CertMaker.dll' was not found. Using default Certificate Generator.
07:37:59:0003 /Fiddler.CertMaker> Using .+ for certificate generation; UseWildcards=True.
07:37:59:1693 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The certificate chain was issued by an authority that is not trusted for pipe (CN=*.icrc.trendmicro.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
07:37:59:2073 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
07:37:59:2333 !SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < The certificate chain was issued by an authority that is not trusted for pipe (CN=*.icrc.trendmicro.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
07:38:05:0616 /Fiddler.CertMaker> Root Certificate located; private key in container 'c57aee424c14cd2a2c75ea01bc34e0a7_fba9d939-5fd3-4f67-b971-af140ea221a0'
07:38:06:3487 !Fiddler.CertMaker> Unable to auto-trust root: System.Security.Cryptography.CryptographicException: Access is denied.

at System.Security.Cryptography.X509Certificates.X509Store.Add(X509Certificate2 certificate)
at ..TrustRootCertificate() in c:\JenkinsHome\jobs\FiddlerReleaseBuild\workspace\Fiddler2\Common\Core\DefaultCertProvider.cs:line 970
07:38:38:6325 [Fiddler] No HTTPS request was received from (firefox:9236) new client socket, port 19060.

1 comment

Eric

Posted on: 22 Nov 2016 06:00

Is this a corporate PC or otherwise managed by Group Policy?

07:38:06:3487 !Fiddler.CertMaker> Unable to auto-trust root: System.Security.Cryptography.CryptographicException: Access is denied.

Implies that either some security software (perhaps TrendMicro) got in the way, or possibly that you declined a Windows Elevation prompt? Do you see the same if you run Fiddler as an administrator?

You might try using the Actions button to export the Fiddler root certificate to your desktop, then run certmgr.msc and drag/drop that certificate into the Trusted Root Certification Authorities folder.

For what it's worth, if you're using Firefox, the process for trusting the root is different: http://www.telerik.com/blogs/configuring-firefox-for-fiddler