I'm trying to use Fiddler v4.6.20171.7553 with a Java app bundled with its own JVM/JRE 1.7.0_80.
I've exported Fiddler's certificate to the desktop and, using keytool, added the certificate to its keystore:
keytool -import -keystore cacerts -file FiddlerRoot.cer -alias fiddler
keytool reported that the certificate was successfully imported, which I've checked with the command:
keytool -list -v -keystore cacerts -alias fiddler
I've also installed the certificates in Windows, both to local and user space, to be sure.
The server I'm trying to connect to is configured to use the TLS1.0;TLS1.1;TLS1.2 protocols, so that's what I set in the Fiddler options for HTTPS protocols. I've also tried adding <client> and using different combinations of protocols, but it didn't help.
Resetting the certificates, or deleting the interception certificates and adding them again, doesn't help.
I always get the error:
!SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate on pipe (CN=target.website, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com).
On the app side I have the error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
OS details: 64-bit AMD64, VM: 56,0mb, WS: 94,0mb .NET 4.6.2 WinNT 10.0.10240.0
Request headers:
CONNECT target.website:443 HTTP/1.1
User-Agent: Java/1.7.0_80
Host: target.website
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.1 (TLS/1.0)
Random: some random
"Time": 07.06.2015 3:37:44
SessionID: empty
Extensions:
elliptic_curves secp256r1 [0x17], sect163k1 [0x1], sect163r2 [0x3], secp192r1 [0x13], secp224r1 [0x15], sect233k1 [0x6], sect233r1 [0x7], sect283k1 [0x9], sect283r1 [0xA], secp384r1 [0x18], sect409k1 [0xB], sect409r1 [0xC], secp521r1 [0x19], sect571k1 [0xD], sect571r1 [0xE], secp160k1 [0xF], secp160r1 [0x10], secp160r2 [0x11], sect163r1 [0x2], secp192k1 [0x12], sect193r1 [0x4], sect193r2 [0x5], secp224k1 [0x14], sect239k1 [0x8], secp256k1 [0x16]
ec_point_formats uncompressed [0x0]
server_name target.website
Ciphers:
[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA
[0035] TLS_RSA_AES_256_SHA
[C005] TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
[C00F] TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
[0039] TLS_DHE_RSA_WITH_AES_256_SHA
[0038] TLS_DHE_DSS_WITH_AES_256_SHA
[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA
[002F] TLS_RSA_AES_128_SHA
[C004] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
[C00E] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
[0033] TLS_DHE_RSA_WITH_AES_128_SHA
[0032] TLS_DHE_DSS_WITH_AES_128_SHA
[C008] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
[C012] TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[C003] TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
[C00D] TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
[0016] SSL_DHE_RSA_WITH_3DES_EDE_SHA
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[C007] TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
[C011] TLS_ECDHE_RSA_WITH_RC4_128_SHA
[0005] SSL_RSA_WITH_RC4_128_SHA
[C002] TLS_ECDH_ECDSA_WITH_RC4_128_SHA
[C00C] TLS_ECDH_RSA_WITH_RC4_128_SHA
[0004] SSL_RSA_WITH_RC4_128_MD5
[00FF] TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Compression:
[00] NO_COMPRESSION
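A check for the PKIX error reported above, as an added example that is not part of the original post: it prints which trust store the running JVM resolves by default and whether the exported root (FiddlerRoot.cer) is actually in it. The class name TrustStoreCheck is hypothetical, and the check assumes the application relies on the JVM's default trust store rather than building its own SSLContext.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// Added example, Java 7 compatible. TrustStoreCheck is a hypothetical name.
// Run it with the java binary bundled with the application.
public class TrustStoreCheck {

    // JSSE default lookup order: javax.net.ssl.trustStore property, then
    // <java.home>/lib/security/jssecacerts, then <java.home>/lib/security/cacerts.
    static File effectiveTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) {
            return new File(override);
        }
        File dir = new File(new File(System.getProperty("java.home"), "lib"), "security");
        File jssecacerts = new File(dir, "jssecacerts");
        return jssecacerts.exists() ? jssecacerts : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java TrustStoreCheck <root.cer> [storepass]");
            System.exit(2);
        }
        // The exported root (FiddlerRoot.cer on this page), DER or PEM encoded.
        Certificate root;
        try (InputStream in = new FileInputStream(args[0])) {
            root = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // A null password loads a JKS store without the integrity check.
        char[] password = args.length > 1 ? args[1].toCharArray() : null;
        File storeFile = effectiveTrustStore();
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storeFile)) {
            store.load(in, password);
        }
        // Returns the alias of the first matching entry, or null if absent.
        String alias = store.getCertificateAlias(root);
        System.out.println("java.home   : " + System.getProperty("java.home"));
        System.out.println("trust store : " + storeFile.getAbsolutePath());
        System.out.println(alias != null
                ? "root present under alias: " + alias
                : "root NOT present in this store");
    }
}
```

If the printed trust store is not the cacerts file that keytool modified, the import went into a different JRE than the one the application runs on.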