This is a migrated thread and some comments may be shown as answers.

Can not beat HTTPS with Java client

Pavel asked on 28 Feb 2017, 05:16 PM

I'm trying to use Fiddler v4.6.20171.7553 with a Java app bundled with its own JVM/JRE 1.7.0_80.

I've exported Fiddler's certificate to the desktop and, using keytool, added the certificate to its keystore:

keytool -import -keystore cacerts -file FiddlerRoot.cer -alias fiddler

keytool reported that the certificate was successfully imported, which I've checked with the command:

keytool -list -v -keystore cacerts -alias fiddler

I've also installed the certificates in Windows, in both local and user space, to be sure.

The server I'm trying to connect to is configured to use the TLS1.0;TLS1.1;TLS1.2 protocols, so that's what I set in Fiddler's options for HTTPS protocols. I've also tried adding <client> and using different combinations of protocols, but it didn't help.

Resetting the certificates, or deleting the interception certificates and adding them again, doesn't help.

I always get the error:

!SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate on pipe (CN=target.website, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).

On the app side I have the error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

OS details: 64-bit AMD64, VM: 56,0mb, WS: 94,0mb .NET 4.6.2 WinNT 10.0.10240.0

Request headers:

CONNECT target.website:443 HTTP/1.1
User-Agent: Java/1.7.0_80
Host: target.website
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.1 (TLS/1.0)
Random: some random
"Time": 07.06.2015 3:37:44
SessionID: empty
Extensions:
    elliptic_curves    secp256r1 [0x17], sect163k1 [0x1], sect163r2 [0x3], secp192r1 [0x13], secp224r1 [0x15], sect233k1 [0x6], sect233r1 [0x7], sect283k1 [0x9], sect283r1 [0xA], secp384r1 [0x18], sect409k1 [0xB], sect409r1 [0xC], secp521r1 [0x19], sect571k1 [0xD], sect571r1 [0xE], secp160k1 [0xF], secp160r1 [0x10], secp160r2 [0x11], sect163r1 [0x2], secp192k1 [0x12], sect193r1 [0x4], sect193r2 [0x5], secp224k1 [0x14], sect239k1 [0x8], secp256k1 [0x16]
    ec_point_formats    uncompressed [0x0]
    server_name    target.website
Ciphers:
    [C00A]    TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    [C014]    TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
    [0035]    TLS_RSA_AES_256_SHA
    [C005]    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    [C00F]    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    [0039]    TLS_DHE_RSA_WITH_AES_256_SHA
    [0038]    TLS_DHE_DSS_WITH_AES_256_SHA
    [C009]    TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    [C013]    TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
    [002F]    TLS_RSA_AES_128_SHA
    [C004]    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
    [C00E]    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
    [0033]    TLS_DHE_RSA_WITH_AES_128_SHA
    [0032]    TLS_DHE_DSS_WITH_AES_128_SHA
    [C008]    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    [C012]    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    [000A]    SSL_RSA_WITH_3DES_EDE_SHA
    [C003]    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
    [C00D]    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
    [0016]    SSL_DHE_RSA_WITH_3DES_EDE_SHA
    [0013]    SSL_DHE_DSS_WITH_3DES_EDE_SHA
    [C007]    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    [C011]    TLS_ECDHE_RSA_WITH_RC4_128_SHA
    [0005]    SSL_RSA_WITH_RC4_128_SHA
    [C002]    TLS_ECDH_ECDSA_WITH_RC4_128_SHA
    [C00C]    TLS_ECDH_RSA_WITH_RC4_128_SHA
    [0004]    SSL_RSA_WITH_RC4_128_MD5
    [00FF]    TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Compression:
    [00]    NO_COMPRESSION
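
A check for the keytool import described in the question, added here as an example and not part of the original thread or of Fiddler: it prints which truststore file the running JVM resolves by default and lists any certificate in it whose subject carries the DO_NOT_TRUST string from the error above. The class name, the default password "changeit" and the assumption that the Fiddler root carries the same string are the example's own.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class TrustStoreCheck {
    // Default JSSE lookup order: system property, then jssecacerts, then cacerts.
    static File resolveTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) return new File(override);
        File dir = new File(System.getProperty("java.home"), "lib" + File.separator + "security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.isFile() ? jsse : new File(dir, "cacerts");
    }
    // Hex SHA-1 fingerprint, comparable with keytool's output.
    static String sha1Hex(Certificate c) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-1").digest(c.getEncoded()))
            sb.append(String.format("%02X", b));
        return sb.toString();
    }
    public static void main(String[] args) throws Exception {
        // Assumption: the store still has the JRE default password "changeit".
        char[] pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit").toCharArray();
        File store = resolveTrustStore();
        System.out.println("java.home  = " + System.getProperty("java.home"));
        System.out.println("truststore = " + store.getAbsolutePath());
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(store);
        try { ks.load(in, pw); } finally { in.close(); }
        int hits = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            // Assumption: the Fiddler root carries the same "DO_NOT_TRUST" marker
            // as the Fiddler-generated certificate named in the error above.
            if (!x.getSubjectX500Principal().getName().contains("DO_NOT_TRUST")) continue;
            hits++;
            System.out.println(alias + ": " + x.getSubjectX500Principal().getName()
                + "\n  isCA=" + (x.getBasicConstraints() >= 0)
                + " notAfter=" + x.getNotAfter() + " SHA1=" + sha1Hex(x));
        }
        if (hits == 0) System.out.println("No Fiddler certificate in the store this JVM loads.");
    }
}
```

Run it with the java launcher from the application's bundled JRE, then compare the SHA1 value with the fingerprint that `keytool -printcert -file FiddlerRoot.cer` prints for the exported root.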


Filip
answered on 05 Apr 2019, 08:02 AM
Finally I found someone with the same error as me, unfortunately without a solution...

Simeon
Telerik team
answered on 09 Apr 2019, 02:18 PM
Hello Filip and Pavel,

Could you please update to the latest version of Fiddler and reset your Fiddler root CA certificate? Try again and, if this does not help, you could try using Fiddler's CertMaker add-on.

Regards,
Simeon
Progress Telerik