This is a migrated thread and some comments may be shown as answers.

Can not beat HTTPS with Java client

2 Answers 243 Views
This is a migrated thread and some comments may be shown as answers.
Top achievements
Rank 1
Pavel asked on 28 Feb 2017, 05:16 PM

I'm trying to use Fiddler v4.6.20171.7553 with Java app bundled with its own jvm/jre 1.7.0_80

I've exported certificate of Fiddler to desktop and using keytool added certificate to its keystore:

keytool -import -keystore cacerts -file FiddlerRoot.cer -alias fiddler

keytool reported that certificate successfully imported, what I've checked with command:

keytool -list -v -keystore cacerts -alias fiddler

I've also installed certificates to Windows both to local and user space for sure.

Server I'm trying to connect is configured to use TLS1.0;TLS1.1;TLS1.2 protocols, so that what I set in Fiddler options for HTTPS protocols. I've also tried to add <client> and using different combinations of different protocols, but it didn't help.

Resetting of certificates, or deleting Interception certificates and adding again doesn't help.

I always get error:

!SecureClientPipeDirect failed: System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate on pipe (, O=DO_NOT_TRUST, OU=Created by

On the app side I have error: PKIX path building failed: unable to find valid certification path to requested target

OS details: 64-bit AMD64, VM: 56,0mb, WS: 94,0mb .NET 4.6.2 WinNT 10.0.10240.0

Request headers:

User-Agent: Java/1.7.0_80
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.1 (TLS/1.0)
Random: some random
"Time": 07.06.2015 3:37:44
SessionID: empty
    elliptic_curves    secp256r1 [0x17], sect163k1 [0x1], sect163r2 [0x3], secp192r1 [0x13], secp224r1 [0x15], sect233k1 [0x6], sect233r1 [0x7], sect283k1 [0x9], sect283r1 [0xA], secp384r1 [0x18], sect409k1 [0xB], sect409r1 [0xC], secp521r1 [0x19], sect571k1 [0xD], sect571r1 [0xE], secp160k1 [0xF], secp160r1 [0x10], secp160r2 [0x11], sect163r1 [0x2], secp192k1 [0x12], sect193r1 [0x4], sect193r2 [0x5], secp224k1 [0x14], sect239k1 [0x8], secp256k1 [0x16]
    ec_point_formats    uncompressed [0x0]
    [0035]    TLS_RSA_AES_256_SHA
    [0039]    TLS_DHE_RSA_WITH_AES_256_SHA
    [0038]    TLS_DHE_DSS_WITH_AES_256_SHA
    [002F]    TLS_RSA_AES_128_SHA
    [0033]    TLS_DHE_RSA_WITH_AES_128_SHA
    [0032]    TLS_DHE_DSS_WITH_AES_128_SHA
    [C007]    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    [C011]    TLS_ECDHE_RSA_WITH_RC4_128_SHA
    [0005]    SSL_RSA_WITH_RC4_128_SHA
    [C002]    TLS_ECDH_ECDSA_WITH_RC4_128_SHA
    [C00C]    TLS_ECDH_RSA_WITH_RC4_128_SHA
    [0004]    SSL_RSA_WITH_RC4_128_MD5

    [00]    NO_COMPRESSION

2 Answers, 1 is accepted

Sort by
Top achievements
Rank 1
answered on 05 Apr 2019, 08:02 AM
Finally I found someone with the same error as me, unfortunately without solution...
Telerik team
answered on 09 Apr 2019, 02:18 PM
Hello Filip and Pavel,

Could you, please, update to the latest version of Fiddler and reset your Fiddler root CA certificate. Try again and if this does not help, you could try using the Fiddler's CertMaker add-on

Progress Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Asked by
Top achievements
Rank 1
Answers by
Top achievements
Rank 1
Telerik team
Share this question