Your connection is not private - NET::ERR_CERT_INVALID

6 posts, 0 answers
  1. khalid
    5 posts
    Member since:
    Dec 2014

    Posted 09 Jan 2015

    Hi,

    Visiting HTTPS sites like https://google.com, etc. from a non-administrator Windows account shows the following error in Chrome.

    Note: There are no issues with the Administrator account. Also, the latest Fiddler DLL is used.

    Kindly suggest.

    =====ERROR=========================

    Your connection is not private

    NET::ERR_CERT_INVALID

    Subject: www.google.co.in
    Issuer: DO_NOT_TRUST_FiddlerRoot
    Expires on: Jan 9, 2025
    Current date: Jan 9, 2015
    PEM encoded chain: [omitted]

  2. Eric Lawrence
    Admin
    833 posts

    Posted 10 Jan 2015

    This message simply means that the Fiddler root certificate is not trusted.

    If you hit this in Fiddler, you should disable HTTPS decryption (using Tools > Fiddler Options > HTTPS) and then reenable. Accept the prompt to trust the certificate.

    If you hit this in FiddlerCore, did your FiddlerCore application manually trust the Fiddler root certificate? How did it do so? If you try to add the root to the MACHINE context store, the call will fail with Access Denied unless your FiddlerCore app is run as an administrator. When you add it to the USER context store, the request will show a dialog box before trusting the certificate.

    Regards,
    Eric Lawrence
    Telerik
     

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

     
  3. khalid
    5 posts
    Member since:
    Dec 2014

    Posted 11 Jan 2015 in reply to Eric Lawrence

    Hello Eric,

    We have used FiddlerCore.dll in a C# application. The following is our code to create and trust the root:

    The application does not require any user intervention and needs to work with the same functionality for all users.

    Kindly suggest.

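    ===
    // Fragment from a method that returns bool.
    // Requires: using System.Security.Cryptography.X509Certificates;
    bool bCreatedRootCertificate = false,
         bTrustedRootCert = false;

    // Create the Fiddler root certificate if it does not exist yet.
    if (!Fiddler.CertMaker.rootCertExists())
    {
        bCreatedRootCertificate = Fiddler.CertMaker.createRootCert();
        if (!bCreatedRootCertificate) return false;
    }

    // Add the root to the LocalMachine Root store.
    setMachineTrust(Fiddler.CertMaker.GetRootCertificate());

    // Ask FiddlerCore to trust the root if it is still untrusted.
    if (!Fiddler.CertMaker.rootCertIsTrusted())
    {
        bTrustedRootCert = Fiddler.CertMaker.trustRootCert();
        if (!bTrustedRootCert) return false;
    }
    ===

    // Adds the given certificate to the machine-wide Trusted Root store.
    private static bool setMachineTrust(X509Certificate2 oRootCert)
    {
        X509Store certStore = new X509Store(StoreName.Root,
                                            StoreLocation.LocalMachine);
        certStore.Open(OpenFlags.ReadWrite);

        try
        {
            certStore.Add(oRootCert);
        }
        finally
        {
            certStore.Close();
        }

        return true;
    }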

  4. Eric Lawrence
    Admin
    833 posts

    Posted 12 Jan 2015

    If you want setMachineTrust to function, your code must be run as an administrator. For obvious security reasons, you cannot reconfigure the machine's trusted certificate store unless you are running with Administrative permissions.

    Regards,
    Eric Lawrence
    Telerik
     


     
  5. khalid
    5 posts
    Member since:
    Dec 2014

    Posted 13 Jan 2015 in reply to Eric Lawrence

    Thanks for your help Eric,

    As mentioned, we are using FiddlerCore, and so now the Windows user (non-administrator) is getting a dialog box for trusting the certificate.

    If we use a code signing certificate from Verisign, is there a possibility to trust the certificate programmatically, and therefore avoid the dialog box for the user?

    Or are there any other ways to avoid the dialog box and still trust the cert?

    Kindly let me know.
    Thanks
  6. Eric Lawrence
    Admin
    833 posts

    Posted 13 Jan 2015

    There are two places to get the certificate trusted:

    1. In the machine store (requires admin)
    2. In the user store (does not require admin, does show prompt)

    I've been told that there are ways to get the certificate in the user-store without showing the prompt, but they are not documented by Microsoft.
     
    Generally speaking, your best bet would be to have your installer (running as admin) trust the certificate.

    Regards,
    Eric Lawrence
    Telerik
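
The two trust locations described in this thread, as an added example (not code from the thread, from FiddlerCore or from Telerik): an installer-side helper that picks the store from the process's elevation, stores only the public certificate, and has a matching removal for uninstall. The names RootTrust, Trust and Untrust are hypothetical; only standard .NET APIs are used, and the caller is assumed to pass the certificate returned by Fiddler.CertMaker.GetRootCertificate().

```csharp
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class RootTrust   // hypothetical helper, not part of FiddlerCore
{
    // True when the process token is an elevated member of Administrators.
    static bool IsElevated()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            return new WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator);
    }

    static bool IsInStore(X509Certificate2 cert, StoreLocation location)
    {
        X509Store store = new X509Store(StoreName.Root, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {   // validOnly = false: match by thumbprint even if chain checks fail
            return store.Certificates
                .Find(X509FindType.FindByThumbprint, cert.Thumbprint, false).Count > 0;
        }
        finally { store.Close(); }
    }

    // Machine store when elevated (no prompt); otherwise the user store,
    // where Windows shows its confirmation dialog and Add throws
    // CryptographicException if the user declines.
    public static StoreLocation Trust(X509Certificate2 root)
    {
        StoreLocation target = IsElevated() ? StoreLocation.LocalMachine
                                            : StoreLocation.CurrentUser;
        if (IsInStore(root, target)) return target;
        // Re-import the DER bytes so the store entry carries no private key.
        X509Certificate2 publicOnly = new X509Certificate2(root.Export(X509ContentType.Cert));
        X509Store store = new X509Store(StoreName.Root, target);
        store.Open(OpenFlags.ReadWrite);
        try { store.Add(publicOnly); } finally { store.Close(); }
        return target;
    }

    // Uninstall path: remove the root from the store Trust() reported.
    public static void Untrust(X509Certificate2 root, StoreLocation location)
    {
        X509Store store = new X509Store(StoreName.Root, location);
        store.Open(OpenFlags.ReadWrite);
        try { store.Remove(root); } finally { store.Close(); }
    }
}
```

Recording the StoreLocation that Trust returns lets the uninstaller remove the root from the same store, so a proxy root does not stay trusted after the application is gone.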
     


     