Unplanned
Last Updated: 23 Aug 2024 05:20 by ADMIN
Eric
Created on: 22 Aug 2024 19:03
Type: Bug Report
Fiddler generates invalid certificates after its root expires

Fiddler currently does not validate that the Fiddler Trusted Root Certificate is not expired when generating certificates, and it generates certificates that have an expiration that is after the expiration of the root certificate. These certificates will not work because the browser validates the expiration of each certificate in the chain.

Browsers have a poor error message for this case and will imply that the site's certificate is expired when it's actually the ROOT that expired.

When it loads the root certificate, Fiddler should verify that it is not expired, and if it is, it should trigger the RESET ALL CERTIFICATES flow to help unblock the user from this situation.

It should also be changed such that the root certificate is valid for MUCH longer than the site certificates (e.g. 5 years for the root) so this is less likely to happen.

(If you look in the forums, users are hitting this problem and they are not sure why or how to fix it.)
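
The check requested in this report, as an added example that is not part of the original report and is not Fiddler's code: issuance refuses a root that is outside its validity period and clamps each leaf's NotAfter to the root's. `mint`, `IssueLeaf`, `ErrRootNotValid`, the host names and the dates are assumptions made up for the illustration, and the serial number is clock-derived for brevity.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var ErrRootNotValid = fmt.Errorf("root outside its validity period") // caller resets all certificates
// mint (hypothetical helper) issues cn for [from, to]; a nil parent yields a self-signed CA root.
func mint(cn string, from, to time.Time, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: from, NotAfter: to, IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed: the template is its own issuer
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueLeaf refuses to sign under an invalid root and never lets a leaf outlive it.
func IssueLeaf(root *x509.Certificate, rootKey *ecdsa.PrivateKey, host string, now time.Time, life time.Duration) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	if now.Before(root.NotBefore) || now.After(root.NotAfter) {
		return nil, nil, ErrRootNotValid
	}
	notAfter := now.Add(life)
	if notAfter.After(root.NotAfter) {
		notAfter = root.NotAfter // clamp to the issuer's expiry
	}
	return mint(host, now, notAfter, root, rootKey)
}

func main() {
	t0 := time.Date(2023, 8, 22, 0, 0, 0, 0, time.UTC) // constructed dates
	root, key, _ := mint("constructed-root.test", t0, t0.AddDate(1, 0, 0), nil, nil)
	_, _, err := IssueLeaf(root, key, "example.test", t0.AddDate(1, 0, 1), 24*time.Hour)
	fmt.Println("one day after root expiry:", err)
}
```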
