Pending Review
Last Updated: 10 Apr 2022 14:30 by Eu
Created on: 08 Apr 2022 14:18
Type: Bug Report
Chrome from android 7.1.2 shows 'NET:ERR_CERT_AUTHORITY_INVALID' ,but Charles is OK

I want to capture the traffic from Android Phone, and already install Root Certificate as 'System Trusted Credintials' in /system/etc/security/cacerts (renamed like '269953fb.0' by md5).

Accessing the https page, It seems to behave well in a normal application and other browser (like XBrowser, a tiny volume browser, only 1.01MB) ,and which proves that the certificate is installed correctly, but in Chrome it prompts 'NET:ERR_CERT_AUTHORITY_INVALID'. As shown, it seems that Chrome does not associate the web certificate returned by Fiddler with the root certificate already installed on the system, but I use the same installation method in Charles, it behaves well and can browse https pages normally, it seems that Charles generates a different certificate than Fiddler? I used the command

'openssl x509 -inform der -text -in /mnt/d/Users/menEu/Desktop/FiddlerRoot.cer'

to see the difference and it doesn't seem to be a huge difference (but I'm not specialized in this area)

Posted on: 10 Apr 2022 14:30
Oh, it's solved, because fiddler doesn't get the access domain from the SNI field of TLS client hello, fiddler uses the ip address, which causes the browser to distrust the certificate, just enter [prefs set true] in QuickExec, you can let Fiddler provide the domain name certificate, everything is normal
Posted on: 09 Apr 2022 05:00
It was my mistake, I found that Xbrowser does not verify the certificate, I used firefox browser and the same certificate error was reported, this time he recognized Fiddler's root certificate, but it was displayed as an ip (in Charles this is displayed as a domain name), I think this may be the reason why chrome does not trust it, this time the error was reported as 'net::ERR_CERT_COMMON_NAME_INVALID'
Attached Files: