HTTPS issues with Windows system proxy

9 posts, 0 answers
  1. Chris
    Chris avatar
    6 posts
    Member since:
    Feb 2016

    Posted 12 Feb Link to this post

    Posting this here as a last resort. I've been using Fiddler for years, but sometime in the past few months, it stopped decrypting all HTTPS traffic using the system proxy. I see the same issue on both my office computer running Win7 and my home machine running Win10. This is with Fiddler4. I suspect it was the result of a recent Fiddler update?

    Chrome gives the error page: "Your connection is not private" NET::ERR_CERT_AUTHORITY_INVALID

     I've spent many hours trying every solution I could find online:

    - Resetting all certificates with the reset button
    - Unchecking 'decrypt HTTP traffic', removing certs, restart Fiddler, check 'decrypt' again
    - Generating certs with different generators (CertEnroll, MakeCert)
    - Exporting root cert and manually importing into certmgr
    - Manually importing into Chrome cert settings

     I see the certificate in the Trusted Root Certificates folder in certmgr. I feel like I've tried everything. Have I missed something?

     

  2. Tsviatko Yovtchev
    Admin
    Tsviatko Yovtchev avatar
    408 posts

    Posted 17 Feb Link to this post

    Hello,

    Is it just Chrome that does that? What about the other browsers?

    Regards,
    Tsviatko Yovtchev
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  3. Chris
    Chris avatar
    6 posts
    Member since:
    Feb 2016

    Posted 17 Feb in reply to Tsviatko Yovtchev Link to this post

    I'm seeing this behaviour in both Chrome and IE. I don't have FF installed on this computer, but on my home machine, FF doesn't appear to be affected.
  4. Tsviatko Yovtchev
    Admin
    Tsviatko Yovtchev avatar
    408 posts

    Posted 22 Feb Link to this post

    Hello,

    So in FF you can open the very same HTTPS websites that end up with the warning message on IE and Chrome? 

    Which version of FIddler does that? And can you recall what version you upgraded from?

    Regards,
    Tsviatko Yovtchev
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  5. Chris
    Chris avatar
    6 posts
    Member since:
    Feb 2016

    Posted 22 Feb in reply to Tsviatko Yovtchev Link to this post

    Tsviatko, my apologies, I just tested on FF and get a similar error: (Error code: sec_error_bad_signature).

  6. Tsviatko Yovtchev
    Admin
    Tsviatko Yovtchev avatar
    408 posts

    Posted 25 Feb Link to this post

    Hi,

    Well it makes more sense now although that doesn't really make it any better :)

    Which version of FIddler does that? And can you recall what version you upgraded from?

    Here is a possible reason for this behavior  - https://textplain.wordpress.com/2015/10/30/reset-fiddlers-https-certificates/ . Judging by your post you followed the steps for regenerating certificates. Could you remove all fiddler related certificates and give it another try. Please, double check that the root certificate generated by Fiddler makes it to the trusted Authorities.

    Regards,
    Tsviatko Yovtchev
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  7. Chris
    Chris avatar
    6 posts
    Member since:
    Feb 2016

    Posted 29 Feb in reply to Tsviatko Yovtchev Link to this post

    I'm seeing the issue since updating to v4.6.2.0. I update regularly, so I imagine I upgraded from the previous major version.

    I followed the instructions on the page you linked to. I've previously tried the same and many other variations to try to get this to work. The (DO_NOT_TRUST_FiddlerRoot) certificate gets added to: Personal, Intermediate, and Trusted Root folders as viewed from Windows certmgr.

    Interestingly, when I look at the certificates in Chrome (Chrome Settings/Advanced/HTTPS/Manage Certificates), I see the Fiddler cert in: Personal and Intermediate, but not in Trusted Root. I'm using the latest Chrome (Version 48.0.2564.116 m).

    Needless to say, I still see the NET::ERR_CERT_AUTHORITY_INVALID error. :(

  8. Tsviatko Yovtchev
    Admin
    Tsviatko Yovtchev avatar
    408 posts

    Posted 02 Mar Link to this post

    That is really weird. The previous major version also had the new certificate generation infrastructure.

    I can send you the last official release before the certificate generation changes were made. Let's try finding out where exactly things stopped working for you.

    Please, contact me at tsviatko.yovtchev [at] telerik.com.


    Regards,
    Tsviatko Yovtchev
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  9. Chris
    Chris avatar
    6 posts
    Member since:
    Feb 2016

    Posted 03 Mar in reply to Tsviatko Yovtchev Link to this post

    Thanks Tsviatko, I appreciate it. Email sent!
Back to Top