HTTPS issues with Windows system proxy

13 posts, 0 answers
  1. Chris
    8 posts
    Member since: Feb 2016

    Posted 12 Feb 2016

    Posting this here as a last resort. I've been using Fiddler for years, but sometime in the past few months, it stopped decrypting all HTTPS traffic using the system proxy. I see the same issue on both my office computer running Win7 and my home machine running Win10. This is with Fiddler4. I suspect it was the result of a recent Fiddler update?

    Chrome gives the error page: "Your connection is not private" NET::ERR_CERT_AUTHORITY_INVALID

     I've spent many hours trying every solution I could find online:

    - Resetting all certificates with the reset button
    - Unchecking 'decrypt HTTP traffic', removing certs, restart Fiddler, check 'decrypt' again
    - Generating certs with different generators (CertEnroll, MakeCert)
    - Exporting root cert and manually importing into certmgr
    - Manually importing into Chrome cert settings

     I see the certificate in the Trusted Root Certificates folder in certmgr. I feel like I've tried everything. Have I missed something?

     

  2. Tsviatko Yovtchev
    Admin
    522 posts

    Posted 17 Feb 2016

    Hello,

    Is it just Chrome that does that? What about the other browsers?

    Regards,
    Tsviatko Yovtchev
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Chris
    8 posts
    Member since: Feb 2016

    Posted 17 Feb 2016 in reply to Tsviatko Yovtchev

    I'm seeing this behaviour in both Chrome and IE. I don't have FF installed on this computer, but on my home machine, FF doesn't appear to be affected.
  4. Tsviatko Yovtchev
    Admin
    522 posts

    Posted 22 Feb 2016

    Hello,

    So in FF you can open the very same HTTPS websites that end up with the warning message on IE and Chrome? 

    Which version of Fiddler does that? And can you recall what version you upgraded from?

    Regards,
    Tsviatko Yovtchev
    Telerik
  5. Chris
    8 posts
    Member since: Feb 2016

    Posted 22 Feb 2016 in reply to Tsviatko Yovtchev

    Tsviatko, my apologies, I just tested on FF and get a similar error: (Error code: sec_error_bad_signature).

  6. Tsviatko Yovtchev
    Admin
    522 posts

    Posted 25 Feb 2016

    Hi,

    Well, it makes more sense now, although that doesn't really make it any better :)

    Which version of Fiddler does that? And can you recall what version you upgraded from?

    Here is a possible reason for this behavior: https://textplain.wordpress.com/2015/10/30/reset-fiddlers-https-certificates/ . Judging by your post, you followed the steps for regenerating certificates. Could you remove all Fiddler-related certificates and give it another try? Please double-check that the root certificate generated by Fiddler makes it to the trusted Authorities.

    Regards,
    Tsviatko Yovtchev
    Telerik
  7. Chris
    8 posts
    Member since: Feb 2016

    Posted 29 Feb 2016 in reply to Tsviatko Yovtchev

    I'm seeing the issue since updating to v4.6.2.0. I update regularly, so I imagine I upgraded from the previous major version.

    I followed the instructions on the page you linked to. I've previously tried the same and many other variations to try to get this to work. The (DO_NOT_TRUST_FiddlerRoot) certificate gets added to: Personal, Intermediate, and Trusted Root folders as viewed from Windows certmgr.

    Interestingly, when I look at the certificates in Chrome (Chrome Settings/Advanced/HTTPS/Manage Certificates), I see the Fiddler cert in: Personal and Intermediate, but not in Trusted Root. I'm using the latest Chrome (Version 48.0.2564.116 m).

    Needless to say, I still see the NET::ERR_CERT_AUTHORITY_INVALID error. :(
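
The store check described in the post above can also be done from PowerShell. This is an added example, not part of the thread and not Telerik's code: it lists every certificate whose subject contains DO_NOT_TRUST_FiddlerRoot in the current-user and local-machine Personal, Intermediate and Trusted Root stores and flags differing thumbprints. Variable names are illustrative, and the script only reads the stores.

```powershell
# Added example: read-only inventory of Fiddler root copies in the Windows
# certificate stores. Firefox keeps its own store by default and is not covered.
$subjectMatch = 'DO_NOT_TRUST_FiddlerRoot'   # subject string quoted in the thread
$storeNames   = 'My', 'CA', 'Root'           # Personal, Intermediate, Trusted Root
$locations    = 'CurrentUser', 'LocalMachine'

$found = foreach ($location in $locations) {
    foreach ($store in $storeNames) {
        Get-ChildItem -Path "Cert:\$location\$store" -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -like "*$subjectMatch*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Location      = $location
                    Store         = $store
                    Thumbprint    = $_.Thumbprint
                    NotBefore     = $_.NotBefore
                    NotAfter      = $_.NotAfter
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

if (-not $found) {
    Write-Output "No certificate matching '$subjectMatch' in any checked store."
    return
}

$found | Sort-Object Location, Store | Format-Table -AutoSize

# Several distinct thumbprints mean several different roots share this subject,
# for example copies left behind by earlier regenerate/reset attempts.
$distinct = @($found | Select-Object -ExpandProperty Thumbprint -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "Found $($distinct.Count) different certificates with this subject; compare them with the root Fiddler currently exports."
}

# Browsers that rely on the Windows store need a copy in a Trusted Root store.
$trusted = @($found | Where-Object { $_.Store -eq 'Root' })
if ($trusted.Count -eq 0) {
    Write-Warning 'No copy is present in a Trusted Root store (CurrentUser or LocalMachine).'
}
```

Running it before and after a certificate reset shows whether the old thumbprints were actually removed and which store the new root landed in.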

  8. Tsviatko Yovtchev
    Admin
    522 posts

    Posted 02 Mar 2016

    That is really weird. The previous major version also had the new certificate generation infrastructure.

    I can send you the last official release before the certificate generation changes were made. Let's try finding out where exactly things stopped working for you.

    Please, contact me at tsviatko.yovtchev [at] telerik.com.


    Regards,
    Tsviatko Yovtchev
    Telerik
  9. Chris
    8 posts
    Member since: Feb 2016

    Posted 03 Mar 2016 in reply to Tsviatko Yovtchev

    Thanks Tsviatko, I appreciate it. Email sent!
  10. Tony
    2 posts
    Member since: Jun 2016

    Posted 26 Apr

    Have you guys tried these solutions?

    It has an ignore tag: --ignore-certificate-errors, which can help us to bypass this error temporarily for testing. Just add it to the shortcut icon.

  11. Tsviatko Yovtchev
    Admin
    522 posts

    Posted 05 May

    One should have in mind that this option is quite unsafe.

    Regards,
    Tsviatko Yovtchev
    Telerik by Progress
  12. Chris
    8 posts
    Member since: Feb 2016

    Posted 05 May

    I believe I have finally found the solution to this. Over the past couple years, I've had this behaviour occur now and then, usually after something updates (not sure what... probably Windows updates). Usually I'm able to get HTTPS working again by removing/installing new Fiddler certs multiple times, but I was never able to create reproducible steps to fix it.

    I ran into the issue again yesterday and no matter what I did, I kept getting the NET::ERR_CERT_AUTHORITY_INVALID error as I did in the original post.

    This morning I tried the following and it worked:

    1. Fiddler Options / HTTPS / Disable 'Decrypt HTTPS traffic'

    2. Fiddler Options / HTTPS / Actions / 'Remove Interception Certificate'

    3. Reboot PC

    4. Open command prompt with admin privileges and run: certutil -urlcache * delete (this will clear the Windows cert cache)

    5. Reboot PC

    6. Open Fiddler and re-enable 'Decrypt HTTPS traffic' -> Follow prompts to install cert

    7. Reboot PC

    8. Open Chrome, Open Fiddler, Profit!

  13. Chris
    8 posts
    Member since: Feb 2016

    Posted 11 May

    Alas, it wasn't meant to be. The solution only works temporarily. The next time I try to use Fiddler (next reboot, or next day, not sure), I start getting the NET::ERR_CERT_AUTHORITY_INVALID error again. :(