This is a migrated thread and some comments may be shown as answers.

HTTPS issues with Windows system proxy

12 Answers 2006 Views
Windows
This is a migrated thread and some comments may be shown as answers.
Chris
Top achievements
Rank 1
Chris asked on 12 Feb 2016, 03:41 PM

Posting this here as a last resort. I've been using Fiddler for years, but sometime in the past few months, it stopped decrypting all HTTPS traffic using the system proxy. I see the same issue on both my office computer running Win7 and my home machine running Win10. This is with Fiddler4. I suspect it was the result of a recent Fiddler update?

Chrome gives the error page: "Your connection is not private" NET::ERR_CERT_AUTHORITY_INVALID

 I've spent many hours trying every solution I could find online:

- Resetting all certificates with the reset button
- Unchecking 'decrypt HTTP traffic', removing certs, restart Fiddler, check 'decrypt' again
- Generating certs with different generators (CertEnroll, MakeCert)
- Exporting root cert and manually importing into certmgr
- Manually importing into Chrome cert settings

 I see the certificate in the Trusted Root Certificates folder in certmgr. I feel like I've tried everything. Have I missed something?

 

12 Answers, 1 is accepted

Sort by
0
Tsviatko Yovtchev
Telerik team
answered on 17 Feb 2016, 12:30 PM
Hello,

Is it just Chrome that does that? What about the other browsers?

Regards,
Tsviatko Yovtchev
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Chris
Top achievements
Rank 1
answered on 17 Feb 2016, 06:36 PM
I'm seeing this behaviour in both Chrome and IE. I don't have FF installed on this computer, but on my home machine, FF doesn't appear to be affected.
0
Tsviatko Yovtchev
Telerik team
answered on 22 Feb 2016, 02:55 PM
Hello,

So in FF you can open the very same HTTPS websites that end up with the warning message on IE and Chrome? 

Which version of FIddler does that? And can you recall what version you upgraded from?

Regards,
Tsviatko Yovtchev
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Chris
Top achievements
Rank 1
answered on 22 Feb 2016, 03:18 PM

Tsviatko, my apologies, I just tested on FF and get a similar error: (Error code: sec_error_bad_signature).

0
Tsviatko Yovtchev
Telerik team
answered on 25 Feb 2016, 03:36 PM
Hi,

Well it makes more sense now although that doesn't really make it any better :)

Which version of FIddler does that? And can you recall what version you upgraded from?

Here is a possible reason for this behavior  - https://textplain.wordpress.com/2015/10/30/reset-fiddlers-https-certificates/ . Judging by your post you followed the steps for regenerating certificates. Could you remove all fiddler related certificates and give it another try. Please, double check that the root certificate generated by Fiddler makes it to the trusted Authorities.

Regards,
Tsviatko Yovtchev
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Chris
Top achievements
Rank 1
answered on 29 Feb 2016, 09:28 PM

I'm seeing the issue since updating to v4.6.2.0. I update regularly, so I imagine I upgraded from the previous major version.

I followed the instructions on the page you linked to. I've previously tried the same and many other variations to try to get this to work. The (DO_NOT_TRUST_FiddlerRoot) certificate gets added to: Personal, Intermediate, and Trusted Root folders as viewed from Windows certmgr.

Interestingly, when I look at the certificates in Chrome (Chrome Settings/Advanced/HTTPS/Manage Certificates), I see the Fiddler cert in: Personal and Intermediate, but not in Trusted Root. I'm using the latest Chrome (Version 48.0.2564.116 m).

Needless to say, I still see the NET::ERR_CERT_AUTHORITY_INVALID error. :(

0
Tsviatko Yovtchev
Telerik team
answered on 02 Mar 2016, 05:27 PM
That is really weird. The previous major version also had the new certificate generation infrastructure.

I can send you the last official release before the certificate generation changes were made. Let's try finding out where exactly things stopped working for you.

Please, contact me at tsviatko.yovtchev [at] telerik.com.


Regards,
Tsviatko Yovtchev
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Chris
Top achievements
Rank 1
answered on 03 Mar 2016, 05:16 PM
Thanks Tsviatko, I appreciate it. Email sent!
0
Tony
Top achievements
Rank 2
answered on 26 Apr 2017, 08:26 AM

Have you guys tried these solutions?

It has an ignore tag: --ignore-certificate-errors, which can help us to bypass this error temporary for testing. Just add it to the shortcut icon.

0
Tsviatko Yovtchev
Telerik team
answered on 05 May 2017, 01:04 PM
One should have in mind that this options is quite unsafe.

Regards,
Tsviatko Yovtchev
Telerik by Progress
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
0
Chris
Top achievements
Rank 1
answered on 05 May 2017, 02:08 PM

I believe I have finally found the solution to this. Over the past couple years, I've had this behaviour occur now and then, usually after something updates (not sure what... probably Windows updates). Usually I'm able to get HTTPS working again by removing/installing new Fiddler certs multiple times, but I was never able to create reproducible steps to fix it.

I ran into the issue again yesterday and no matter what I did, I kept getting the NET::ERR_CERT_AUTHORITY_INVALID error as I did in the original post.

This morning I tried the following and it worked:

1. Fiddler Options / HTTPS / Disable 'Decrypt HTTPS traffic'

2. Fiddler Options / HTTPS / Actions / 'Remove Interception Certificate'

3. Reboot PC

4. Open command prompt with admin privileges and run: certutil -urlcache * delete (this will clear the Windows cert cache)

5. Reboot PC

6. Open Fiddler and re-enable 'Decrypt HTTPS traffic' -> Follow prompts to install cert

7. Reboot PC

8. Open Chrome, Open Fiddler, Profit!

0
Chris
Top achievements
Rank 1
answered on 11 May 2017, 06:34 PM
Alas, it wasn't meant to be. The solution only works temporarily. The next time I try to use Fiddler (next reboot, or next day, not sure), I start getting the NET::ERR_CERT_AUTHORITY_INVALID error again. :(
Tags
Windows
Asked by
Chris
Top achievements
Rank 1
Answers by
Tsviatko Yovtchev
Telerik team
Chris
Top achievements
Rank 1
Tony
Top achievements
Rank 2
Share this question
or