We are using Fiddler Classic with the CertMaker for iOS and Android extension. We made sure to "Reset All Certificates" through Fiddler and double checked if there were any leftover in the certificate stores (user and machine).
After installing the certificate created by CertMaker for iOS and Android, we are getting errors on mobile saying the certificate is invalid. We checked the certificate, and it has a lifetime of 10 year, while in Fiddler, it says it has a lifetime of 2 years.
Screenshots attached. Is there a regression in the CertMaker for iOS and Android?
1 Answer, 1 is accepted
Hello Taylor,
Newer mobile versions of browsers like Chrome will reject certificates with a longer validity period. The solution is to manually modify the validity of the generated certificate (no matter if you are using CertMaker to MakerCert). You can find a detailed description of the problem and solution to manually modify the validity of the generated certificate in the following forum thread:
https://www.telerik.com/forums/validity-period-of-generated-certificates-too-long
Regards,
Nick Iliev
Progress Telerik
Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.https://www.telerik.com/forums/validity-period-of-generated-certificates-too-long
The thing is that the newer mobile browsers are now supporting one year as a maximum validity period (see related threads like this one https://www.thesslstore.com/blog/google-chrome-to-join-apple-safari-in-one-year-certificate-validity/) while the default Fiddler configuration will create dynamical certificates with a validity of two years.
The certificate you see with ten years validity is the root one and is not the one that is causing the issue. The problem on your side is that the dynamically created certificates for each different site are with 2-years validity instead of 1-year validity. So the solution is to change the Fiddler configuration as shown in this forum thread and change the registry key configuration to 12 months. After executing the steps, the Fiddler Classic will start to dynamically generate site certificates with one year validity period instead of two years.
Can we configure the lifetime of the dynamic certificates generated by the "CertMaker for iOS and Android" extension? It seems counterintuitive that it makes them last 2 years rather than 1, as we've both seen that mobile browsers are limiting it to 1 year. The other forum post you linked only has instructions for MakeCert.
Hey Taylor,
Indeed the suggested "hack" should be applicable only for MakeCert.
Could you try the following alternative solution:
- Open FIddler Classic and in the QuickExec box prefs show
- On your right side, you should see a new tab that lists Fiddler preferences. Find the preferences called fiddler.certmaker.bc.ee.yearsvalid and change its value to 1 (for one year). This should change the validity for dynamically generated certificates from CertMaker to approximately one year starting seven days prior to the current day.
Alternatively, you could use the QucikExec box and directly set the value via the command as follows
prefs set fiddler.certmaker.bc.ee.yearsvalid 1
Could you also try to completely reset the Fiddler root certificates on the host machine (where the Fiddler proxy is being set - I guess that in your case, that would be the same PC that hosts the Android emulator).
Additionally, is the issue happening when using an actual device or the OS browsers? If possible, try to reproduce the issue on another emulator or real device to eliminate the possibility of dealing with a specific Android emulator issue with the trusted authorities.
Lastly, some browsers are having issues when the Fiddler root certificate is not in their Trusted Authorities store. Not sure which browses are causing the issue, but you could also check the OS certificate settings and check if the issue will be resolved by adding the Fiddler certificate in the authorities store.