This is a migrated thread and some comments may be shown as answers.

automatic tool for removing the Fiddler certs

10 Answers 919 Views
Fiddler Classic
Ram asked on 22 Feb 2015, 02:04 PM
Is there an automatic tool for removing the Fiddler certs when I'm done working with them? That would save me from having to go into settings and going over the different tabs to remove all of them.

Thanks,
Ram.

10 Answers, 1 is accepted

0
Eric Lawrence
Telerik team
answered on 24 Feb 2015, 10:01 PM
Hi, Ram--

I don't know what you mean when you say "over the different tabs to remove all of them." 

You can click "Remove interception certificates" to clear Fiddler's certificates.

You can type PREFS SET fiddler.CertMaker.CleanupServerCertsOnExit TRUE in QuickExec to have Fiddler clear the server certificates (not the root) from the Windows cert store when Fiddler exits. The downside is that generating certificates is slow, so recreating on every use is slow.

Your best bet is to install the Fiddler Certificate Maker addon: http://fiddler2.com/r/?fiddlercertmaker/. This addon does not store server certificates in the Windows store, and it shares a single key for all server certificates to improve performance.

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
0
Ram
answered on 26 Feb 2015, 10:51 AM
Hi Eric,

Thanks for your help. I have a few issues with your answer.

> I don't know what you mean when you say "over the different tabs to remove all of them." 

When you look at the certificates in your Windows store there are different tabs for different kinds of certificates, like root, ca, personal. I want to remove all of them when I'm done working with Fiddler because I want my browser setup to be secure.

> You can type PREFS SET fiddler.CertMaker.CleanupServerCertsOnExit TRUE in QuickExec to have Fiddler clear the server certificates (not the root) from the Windows cert store when Fiddler exits.

If it doesn't delete all the Fiddler certificates, it doesn't really accomplish my goal. I assume I'm not the only person out there who wants to remove all the Fiddler certificates from the Windows store when he's done using Fiddler.

> You can click "Remove interception certificates" to clear Fiddler's certificates.

Does this remove ALL the Fiddler certificates, including the root one?

> Your best bet is to install the Fiddler Certificate Maker addon: http://fiddler2.com/r/?fiddlercertmaker/. This addon does not store server certificates in the Windows store, and it shares a single key for all server certificates to improve performance.

I installed it but it doesn't seem to be doing anything. Does it have an interface? Where am I supposed to see any difference now that I've installed it?

Also, I checked out your addons page: http://www.telerik.com/fiddler/add-ons and saw no mention of it, otherwise I would try to read the documentation.


Thanks,
Ram.
0
Ram
answered on 26 Feb 2015, 10:52 AM
(Sorry for the double post, your website gave me an error so I tried again and then there were 2 posts.)
0
Eric Lawrence
Telerik team
answered on 26 Feb 2015, 02:53 PM
Hi, Ram--

Yes, CertMgr.msc shows folders. Fiddler's certificates should only ever appear in the Personal folder; if you see them elsewhere, some other code on your system is putting them there.

CleanupServerCertsOnExit removes all certificates except the root; it does this on Fiddler's exit. Keep in mind that Certmgr.msc has some caching bugs whereby you need to restart the tool to see changes. If you find that certs aren't getting cleared, this indicates there is a bug or configuration problem in Windows.

The CertMaker add-on is documented here: http://blogs.telerik.com/fiddler/posts/13-08-19/faq---certificates-in-fiddler


Regards,
Eric Lawrence
Telerik
 

0
Ram
answered on 28 Feb 2015, 08:36 PM
Thank you Eric. But it seems like my main concern hasn't been answered. I want to have ALL the Fiddler certificates removed when I'm done working with Fiddler, including the root. (Which is the most important one to remove...) So the quickexec thing doesn't help.

I still didn't understand how my need is being answered by this addon. I have it installed and I don't understand what I should be seeing different except the note in the options that it's being used.
0
Eric Lawrence
Telerik team
answered on 03 Mar 2015, 04:19 PM
1. Why do you believe it is important to remove the root? Have you read http://blogs.telerik.com/fiddler/posts/13-08-19/faq---certificates-in-fiddler to understand the security model for Fiddler certificates?

2. When you use the CertMaker addon, only the root is added to the Windows certificate store (and only if you allow it). In contrast, the built-in certificate maker MUST put all server certificates in a Windows certificate store (as they're generated using the Windows certificate API).

If you want to trust the Fiddler root but also want to remove it every time you close Fiddler, you can do so using FiddlerScript. In the OnShutdown method, add

     CertMaker.removeFiddlerGeneratedCerts(true);

This will obviously make using Fiddler considerably less convenient.

Regards,
Eric Lawrence
Telerik
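
A read-only check for whether any Fiddler certificates are still present after cleanup, covering the Personal, Trusted Root and Intermediate CA stores discussed in this thread. This is an added example, not code from the thread's participants or from Fiddler; the function name `Find-FiddlerCertificate` is hypothetical, and it assumes the certificates carry Fiddler Classic's default root name `DO_NOT_TRUST_FiddlerRoot` in their Subject or Issuer.

```powershell
# Added example: read-only audit for leftover Fiddler interception certificates.
# Assumption: certificates are identified by the default Fiddler Classic root
# name "DO_NOT_TRUST_FiddlerRoot" appearing in their Subject or Issuer.
function Find-FiddlerCertificate {
    [CmdletBinding()]
    param(
        [string]$Marker = 'DO_NOT_TRUST_FiddlerRoot',
        # Personal, Trusted Root and Intermediate CA stores, user and machine.
        [string[]]$StorePath = @(
            'Cert:\CurrentUser\My', 'Cert:\CurrentUser\Root', 'Cert:\CurrentUser\CA',
            'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA'
        )
    )
    foreach ($path in $StorePath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        Get-ChildItem -LiteralPath $path |
            Where-Object { $_.Subject -like "*$Marker*" -or $_.Issuer -like "*$Marker*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $path
                    IsRoot     = ($_.Subject -eq $_.Issuer)   # self-signed: the root
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

$found = @(Find-FiddlerCertificate)
if ($found.Count -eq 0) {
    Write-Output 'No Fiddler-generated certificates found in the checked stores.'
} else {
    # List every match, then summarise how many are self-signed roots.
    $found | Sort-Object Store, Subject | Format-Table -AutoSize
    $roots = @($found | Where-Object IsRoot)
    Write-Warning ("{0} Fiddler certificate(s) remain, {1} of them self-signed roots." -f $found.Count, $roots.Count)
}
```

Run it after Fiddler has exited; a root entry under `Cert:\CurrentUser\Root` means the interception root is still trusted for that user.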
 

0
Ram
answered on 03 Mar 2015, 08:57 PM
Now I understand more, but still not completely. I have read the post a few times. I played around with CertMaker now and confirmed it doesn't place the other certificates in the Windows store, this is very nice.

But: I don't have enough confidence that I'm safe when the Fiddler root certificate is in the Windows store. I know it's different for each install, but it's easy for you to trust this because it's your software. I would feel better if I knew that after using Fiddler, my system is clean from all Fiddler certificates.

So: Where do I find this OnShutdown method? Can I edit it with any text editor? Do I add the line at the end?

Thanks for your help,
Ram Rachum.
0
Eric Lawrence
Telerik team
answered on 03 Mar 2015, 09:21 PM
You should not run programs that you don't trust. See Law #1: https://technet.microsoft.com/library/cc722487.aspx#EKAA

FiddlerScript is edited by clicking Rules > Customize Rules.

Regards,
Eric Lawrence
Telerik
 

0
Ram
answered on 03 Mar 2015, 09:42 PM
I did this and it worked. Thank you for your help Eric, and for answering all my followups!    