I had the same issue on Windows 10. It happens to be due to the AWS not reading the internet proxy setting from the Windows registry. Fixed same error by setting the environment variables HTTP_PROXY and HTTPS_PROXY to the corporate internet proxy. Hope it helps somebody!
This seems like a new problem, because I am sure this used to work. I'm using the Amazon Web Services command-line interface (CLI). This makes https calls using Python. If Fiddler is running, I can see 200 responses that show that tunneling is working, and I get the correct results for the command. However, if then enable decryption, things go south. I get a string of 5 tunnel requests (all with 200 responses):
CONNECT iam.amazonaws.com:443 HTTP/1.0
Host: iam.amazonaws.com:443
A SSLv2-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.1 (TLS/1.0)
etc.
After 5 attempts, the command itself on the command line returns this error:
[Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Is there something I can do to configure Fiddler _with_ HTTPS decryption that will work with the AWS CLI?
CONNECT iam.amazonaws.com:443 HTTP/1.0
Host: iam.amazonaws.com:443
A SSLv2-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.1 (TLS/1.0)
etc.
After 5 attempts, the command itself on the command line returns this error:
[Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Is there something I can do to configure Fiddler _with_ HTTPS decryption that will work with the AWS CLI?
3 Answers, 1 is accepted
0
Accepted
Hello,
You need to configure Python to trust the Fiddler root certificate (http://FiddlerIP:8888/FiddlerRoot.cer), or set whatever option in Python disables certificate verification checks.
Regards,
Eric Lawrence
Telerik
You need to configure Python to trust the Fiddler root certificate (http://FiddlerIP:8888/FiddlerRoot.cer), or set whatever option in Python disables certificate verification checks.
Regards,
Eric Lawrence
Telerik
Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.
0
Mike
Top achievements
Rank 1
Rank 1
answered on 20 May 2014, 01:00 PM
Thanks, Eric. For anyone else who might encounter this, in the AWS CLI, that can be done by adding the --no-verify-ssl option to a command, like this:
aws iam list-users --no-verify-ssl
Regards,
Mike
aws iam list-users --no-verify-ssl
Regards,
Mike
0
surbhi
Top achievements
Rank 1
Iron
Rank 1
Iron
answered on 27 Sep 2021, 09:06 AM
Hi,
Nick Iliev
commented on 27 Sep 2021, 10:28 AM
Telerik team
We've recently created this KB article about setting up Fiddler Everywhere alongside AWS CLI but the very same concept is applicable for Fiddler Classic as well.
https://docs.telerik.com/fiddler-everywhere/knowledge-base/capturing-aws-traffic
Note that as AWS CLI is used through a terminal application the first thing you need to do is to set the environment variables so that they can be respected from your terminal:
https://docs.telerik.com/fiddler-everywhere/knowledge-base/how-to-set-macos-terminal