I am using Fiddler as a proxy to an Xbox360 and I can't figure out why the certificates don't appear to be trusted. This is the error I am getting, and I have tried a few different solutions.
I have deployed the root certificate created by exporting the root certificate to the Xbox360 itself and set another machine as the proxy.
I added the Fiddler root certificate to the Trusted Root Certificate Authorities on the proxy machine.
When I run Fiddler on the proxy machine I get a "tunnel to" with this exception.
12:55:47:1597 /Fiddler.CertMaker> Invoking makecert.exe with arguments: -pe -ss my -n "CN=*.sbx1.cdops.net, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky exchange -in DO_NOT_TRUST_FiddlerRoot -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a sha256 -m 132 -b 10/25/2014
12:55:47:3337 /Fiddler.CertMaker>8-CreateCert(*.sbx1.cdops.net) => (0).
12:55:47:3717 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.sbx1.cdops.net, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
I did notice the root certificate is SHA-1 but the interception certificates are SHA-256. Would that matter? Our services webserver just needs to trust Fiddler as a trusted authority, right? This used to work and we didn't have this certificate installed on the webserver previously, so I'm leaning towards a configuration issue with my proxy machine.
I have also tried installing the CertMaker plugin with the same error results.
Any help is appreciated,
John G.
7 Answers, 1 is accepted
I'm not sure I understand your configuration. Is it [WindowsPC with Fiddler] + [XBOX360]? Or is there another PC involved for some reason?
Specifically how did you configure the XBOX360 to trust Fiddler's certificate? Please keep in mind that every PC running Fiddler generates its own unique certificate, so you can't just put any "FiddlerRoot" certificate on the XBox and have it work.
The message: !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.sbx1.cdops.net, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
... typically indicates that the client (presumably your XBOX360?) closed the connection as soon as it received the certificate from Fiddler. This typically happens when the client hasn't been configured to trust the root certificate and thus it assumes it is under attack and aborts. It would also happen if you'd put a FiddlerRoot certificate from "Machine A" on the Xbox but then tried to capture traffic from that Xbox using a Fiddler instance on "Machine B".
Regards,
Eric Lawrence
Telerik
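One way to check the root mismatch described in the answer above, written as an added example that is not part of the original thread or Fiddler's own tooling. It assumes the exported file path shown, and that the signing root sits in the CurrentUser\My store because the logged makecert arguments use "-in DO_NOT_TRUST_FiddlerRoot -is my".

```powershell
# Run on the PC where Fiddler is capturing. The path is an assumption:
# point it at the exact .cer file that was copied to the client device.
$exportedPath = "$env:USERPROFILE\Desktop\FiddlerRoot.cer"
$rootCN = 'DO_NOT_TRUST_FiddlerRoot'   # issuer named by "-in" in the makecert log line

$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $exportedPath

# The log shows "-is my", so the signing root is looked up in CurrentUser\My.
$mine  = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Issuer -match "CN=$rootCN" })
$roots = @($mine | Where-Object { $_.Subject -eq $_.Issuer })
$leafs = @($mine | Where-Object { $_.Subject -ne $_.Issuer })

if ($roots.Count -eq 0) { Write-Warning "No $rootCN in CurrentUser\My on this machine." }
if ($roots.Count -gt 1) { Write-Warning "More than one $rootCN present; compare each thumbprint below." }

# 1. Is the file on the device the same certificate this Fiddler instance signs with?
$rootReport = foreach ($r in $roots) {
    [pscustomobject]@{
        Thumbprint      = $r.Thumbprint
        SignatureAlg    = $r.SignatureAlgorithm.FriendlyName
        HasPrivateKey   = $r.HasPrivateKey
        MatchesExported = ($r.Thumbprint -eq $exported.Thumbprint)
    }
}
$rootReport | Format-Table -AutoSize

# 2. Does each interception certificate chain up to the exported root?
$leafReport = foreach ($leaf in $leafs) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void]$chain.ChainPolicy.ExtraStore.Add($exported)
    [void]$chain.Build($leaf)
    # The last chain element is the root the chain engine actually selected.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        Subject          = $leaf.GetNameInfo('SimpleName', $false)
        SignatureAlg     = $leaf.SignatureAlgorithm.FriendlyName
        ChainsToExported = ($top.Thumbprint -eq $exported.Thumbprint)
    }
}
$leafReport | Format-Table -AutoSize
```

A `MatchesExported` or `ChainsToExported` value of `False` means the device was given a root from a different Fiddler installation (or an older, regenerated root), which is the "Machine A" versus "Machine B" case described in the answer.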
Hi Eric,
The configuration is WindowsPC with Fiddler and then the Xbox360. We export the root certificate to the desktop and then copy that to the Xbox360 certificate location.
According to their documentation we just deploy the root certificate to the machine's certificate store. I'm going to see if I can clear out that location on the Xbox360. It could be possible there are multiple Fiddler certs deployed on it. I'm not sure how the machine would handle a case like that, but it's worth a test.
If you had a configuration working previously and it stopped working, chances are good that it's related to Fiddler's recent change to use wildcard certificates. Please see this post for details on how you might resolve this problem.
Thanks!
Eric Lawrence
Telerik
I assume you mean to say "a similar error" occurred; if "the same error" occurred, it means your change to disable wildcard certificates was not effective.
Regards,
Eric Lawrence
Telerik