"makecert.exe returned -1" When attempting to decrypt HTTPS Traffic

7 posts, 1 answers
  1. David
    David avatar
    4 posts
    Member since:
    Mar 2011

    Posted 09 Jun 2014 Link to this post

    Whenever I attempt to decrypt HTTPS traffic with Fiddler (something that once upon a time worked for me) I get an error very similar to the following:

    Creation of the interception certificate failed.

    makecert.exe returned -1.

    Results from C:\Program Files (x86)\Fiddler2\MakeCert.exe -pe -ss my -n "CN=manage.windowsazure.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky exchange -in DO_NOT_TRUST_FiddlerRoot -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a sha1 -m 132 -b 06/08/2013

    Error: Fail to acquire a security provider from the issuer's certificate
    Failed
    --------------------------------------------------------

    I have already attempted the repair steps documented here to no avail: http://stackoverflow.com/questions/5519418/fiddler2-unable-to-generate-certificate

  2. David
    David avatar
    4 posts
    Member since:
    Mar 2011

    Posted 09 Jun 2014 Link to this post

    The link in my original post is bad, here is an updated one: http://stackoverflow.com/questions/5519418/fiddler2-unable-to-generate-certificate
  3. Answer
    Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 09 Jun 2014 Link to this post

    Hello, David--

    The error message in question is typically seen when a 3rd party PKI security package is installed and interfering with the creation of certificates.

    It's not clear to me what exactly you've tried so far. Often, the simplest fix is to just install the Fiddler CertMaker add-on: http://fiddler2.com/r/?fiddlercertmaker


    Regards,
    Eric Lawrence
    Telerik
     

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

     
  4. David
    David avatar
    4 posts
    Member since:
    Mar 2011

    Posted 09 Jun 2014 in reply to Eric Lawrence Link to this post

    Eric,

    Beautiful.  It seems my problem is solved.

    Thank you!

    David C
  5. Neil
    Neil avatar
    4 posts
    Member since:
    Feb 2015

    Posted 09 Feb 2015 Link to this post

    Old post, sorry, but I am looking for some more help.  I also had this working at one point and it broke.  Now I do believe it has to do with soem security changes at work, however, I follwoed these instructions which then fixed the issue of the makecert.exe errors.

    However, now any SSL traffic within my browser (or phone, when I connect remotely) are not working due to the normal "Your connection is not private" error which does not allow me to continue either within a desktop browser, or my phone (Android)

    I have already installed Fiddler's root certificate in both my laptops "Trusted" cert store and installed it on Android, for both "Wi-fi" and "VPN and Apps" but it does not seem to be working.
  6. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 09 Feb 2015 Link to this post

    It would be best to start a new post rather than reviving an old post on an unrelated error.

    If you send the exact text of the error page in Internet Explorer, I'd be happy to help you. Please be sure to include your Fiddler version number from Help > About, as well as the text from Fiddler's LOG tab.

    Typically, the problem is that the client has previously trusted an old (and different) Fiddler root certificate and you need to remove that old certificate before attempting to trust the new one.

    Regards,
    Eric Lawrence
    Telerik
     

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

     
  7. Neil
    Neil avatar
    4 posts
    Member since:
    Feb 2015

    Posted 09 Feb 2015 in reply to Eric Lawrence Link to this post

    Thanks Eric.

    I am unable to edit or delete any posts it seems, but please disregard my question.

    Once one installs FiddlerCertMaker addon, it appears you have to re-export and re-install the FiddlerRoot cert on any devices.  This solved my issue.
Back to Top