hopefully simple question about presenting client certs

3 posts, 0 answers
  1. Duane

    Posted 17 Jun 2015

    Basically, in the code for 

    Fiddler's HTTPS decryption feature also offers basic support for intercepting requests that require client certificates and responding with a client certificate from the machine running Fiddler.

    Selection of Client Certificate

    If a .CER file has been specified for a given session as follows:

    oSession["https-Client-Certificate"] = "C:\\test\\someCert.cer";

    ...then Fiddler will simply use that certificate for the current session.


    What goes in place of https-Client-Certificate? Is it the host or the URL, or is it something entirely different?

    I'm trying to use a client cert to get around a cert pinning issue and I want to know I'm coding it right before I admit defeat.


    Thanks in advance,



  2. Eric Lawrence

    Posted 18 Jun 2015

    Hello, Duane--

    I think there's probably some confusion here:

    1. "Certificate Pinning" is a technique whereby a client verifies that the certificate coming from the server is a specific certificate (or chains to a specific root). Pinning can present problems for Fiddler's HTTPS interception because the pinning checks will usually fail when they find Fiddler's interception certificates.

    2. Client Certificates are certificates that the client sends to the server to identify itself. Use of client certificates requires extra work in Fiddler because you need to tell Fiddler which certificate to send to the server. Fiddler can send a client certificate to the server by specifying the local filename of that certificate in the https-Client-Certificate Session flag.

    Now, I'm guessing that maybe you're in a different scenario: Maybe you're saying: "I have the server's certificate and private key, and I would like to use Fiddler to use that so that the client's certificate pinning check does not fail." If that's the case, you can use the StoreCert method: please see this example.

    Eric Lawrence
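The distinction drawn in the reply above, as an added example that is not part of the original thread or of Fiddler: a pinning check looks only at what the server side presents, so an interception certificate fails it and a client certificate has no effect on it. The certificates are constructed stand-in byte strings, the function names are hypothetical, and the pin is assumed to be a SHA-256 hash over the whole certificate of a chain the TLS stack has already validated.

```python
import hashlib

def fingerprint(cert_der):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()

def pin_matches(presented_chain, pins):
    """True if any certificate in the presented chain is pinned.

    Pinning the leaf means "a specific certificate"; pinning the root
    means "chains to a specific root". Assumes normal chain validation
    has already succeeded; pinning is an extra check on top of it.
    """
    return any(fingerprint(cert) in pins for cert in presented_chain)

def client_accepts(chain_seen_by_client, pins, client_cert_sent=None):
    """Pin decision made by the client application.

    client_cert_sent travels client -> server to identify the client and
    is never consulted here, which is why supplying a client certificate
    cannot satisfy a pinning check.
    """
    return pin_matches(chain_seen_by_client, pins)

# Constructed stand-ins for DER certificates (opaque bytes, not real certs).
SERVER_LEAF = b"constructed: leaf certificate for api.example.test"
SERVER_ROOT = b"constructed: public root CA certificate"
PROXY_LEAF = b"constructed: proxy-generated leaf for api.example.test"
PROXY_ROOT = b"constructed: proxy interception root certificate"
CLIENT_CERT = b"constructed: client identity certificate"

LEAF_PINS = {fingerprint(SERVER_LEAF)}   # pin a specific certificate
ROOT_PINS = {fingerprint(SERVER_ROOT)}   # pin a specific root

DIRECT = [SERVER_LEAF, SERVER_ROOT]      # client talks to the server
INTERCEPTED = [PROXY_LEAF, PROXY_ROOT]   # client talks to the proxy

if __name__ == "__main__":
    cases = [
        ("direct, leaf pin", DIRECT, LEAF_PINS, None),
        ("direct, root pin", DIRECT, ROOT_PINS, None),
        ("intercepted, leaf pin", INTERCEPTED, LEAF_PINS, None),
        ("intercepted, root pin + client cert", INTERCEPTED, ROOT_PINS, CLIENT_CERT),
        # Proxy operator holds the server's own certificate and private key.
        ("proxy presents server's own cert", DIRECT, LEAF_PINS, None),
    ]
    for name, chain, pins, client_cert in cases:
        verdict = "accept" if client_accepts(chain, pins, client_cert) else "reject"
        print(f"{name}: {verdict}")
```
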
  3. Duane

    Posted 18 Jun 2015 in reply to Eric Lawrence

    You are spot on. Thanks for the help.