Cert error when using Fiddler with the AWS CLI

3 posts, 1 answers
  1. Mike
    Mike avatar
    2 posts
    Member since:
    May 2014

    Posted 20 May 2014 Link to this post

    This seems like a new problem, because I am sure this used to work. I'm using the Amazon Web Services command-line interface (CLI). This makes https calls using Python. If Fiddler is running, I can see 200 responses that show that tunneling is working, and I get the correct results for the command. However, if then enable decryption, things go south. I get a string of 5 tunnel requests (all with 200 responses):

          CONNECT iam.amazonaws.com:443 HTTP/1.0
          Host: iam.amazonaws.com:443
          A SSLv2-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
          Version: 3.1 (TLS/1.0)
    etc.

    After 5 attempts, the command itself on the command line returns this error:

    [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

    Is there something I can do to configure Fiddler _with_ HTTPS decryption that will work with the AWS CLI?










  2. Answer
    Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 20 May 2014 Link to this post

    Hello,

    You need to configure Python to trust the Fiddler root certificate (http://FiddlerIP:8888/FiddlerRoot.cer), or set whatever option in Python disables certificate verification checks.

    Regards,
    Eric Lawrence
    Telerik
     

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

     
  3. Mike
    Mike avatar
    2 posts
    Member since:
    May 2014

    Posted 20 May 2014 in reply to Eric Lawrence Link to this post

    Thanks, Eric. For anyone else who might encounter this, in the AWS CLI, that can be done by adding the --no-verify-ssl option to a command, like this:

    aws iam list-users --no-verify-ssl

    Regards,

    Mike
Back to Top