I have Fiddler setup as a reverse proxy to capture request and responses from my app. While my app is working, it's not capturing any requests and response, and I'm getting these errors in my fiddler log. I tried CertEnroll and MakeCert but both throw different errors.

I tried searching for this error and I read this article but I don't know what the issue is:
https://www.telerik.com/blogs/faq---certificates-in-fiddler

How can I fix these errors so Fiddler can capture my requests and responses in my app?

-= Fiddler Event Log =-
See http://fiddler2.com/r/?FiddlerLog for details.

15:13:46:5212 Fiddler Running...
15:13:46:5592 !WARNING Fiddler has detected that Chrome GPO specifies proxy configuration 'system'.
15:13:54:5022 /Fiddler.CertMaker> Using Fiddler.DefaultCertificateProvider+CertEnrollEngine for certificate generation
15:13:54:5252 /Fiddler.CertMaker> Failed to identify private key location for Root Certificate. Exception: System.NullReferenceException Object reference not set to an instance of an object.
15:13:54:5272 /Fiddler.CertMaker> Invoking CertEnroll for arguments: CN=doesitmatter.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com
15:13:54:8502 !ERROR: Failed to generate Certificate using CertEnroll. System.Reflection.TargetInvocationException Exception has been thrown by the target of an invocation. < CertEnroll::CSignerCertificate::Initialize: The certificate does not have a property that references a private key. 0x8009200a (-2146885622)
15:13:54:8502 /Fiddler.CertMaker> Failed to identify private key location for Root Certificate. Exception: System.NullReferenceException Object reference not set to an instance of an object.
15:13:54:8502 !Fiddler.CertMaker> Tried to create cert for doesitmatter.com, but can't find it from thread 10!
15:13:54:8512 fiddler.https> Failed to obtain certificate for doesitmatter.com due to Certificate Maker returned null when asked for a certificate for doesitmatter.com
15:13:59:8712 /Fiddler.CertMaker> Invoking CertEnroll for arguments: CN=some-url.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com
15:13:59:8712 /Fiddler.CertMaker> Reusing PrivateKey for new certificate.
15:13:59:8812 !ERROR: Failed to generate Certificate using CertEnroll. System.Reflection.TargetInvocationException Exception has been thrown by the target of an invocation. < CertEnroll::CSignerCertificate::Initialize: The certificate does not have a property that references a private key. 0x8009200a (-2146885622)
15:13:59:8812 /Fiddler.CertMaker> Failed to identify private key location for Root Certificate. Exception: System.NullReferenceException Object reference not set to an instance of an object.
15:13:59:8812 !Fiddler.CertMaker> Tried to create cert for some-url.com, but can't find it from thread 13!
15:13:59:8812 fiddler.https> Failed to obtain certificate for some-url.com due to Certificate Maker returned null when asked for a certificate for some-url.com


When I use makeCert:

-= Fiddler Event Log =-
See http://fiddler2.com/r/?FiddlerLog for details.

17:27:43:2012 Fiddler Running...
17:27:43:2322 !WARNING Fiddler has detected that Chrome GPO specifies proxy configuration 'system'.
17:27:48:1422 /Fiddler.CertMaker> Using Fiddler.DefaultCertificateProvider+MakeCertEngine for certificate generation
17:27:48:1652 /Fiddler.CertMaker> Failed to identify private key location for Root Certificate. Exception: System.NullReferenceException Object reference not set to an instance of an object.
17:27:48:1682 /Fiddler.CertMaker> Invoking makecert.exe with arguments: -pe -ss my -n "CN=something.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky exchange -in DO_NOT_TRUST_FiddlerRoot -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a sha256 -m 132 -b 09/04/2018
17:27:48:8222 /Fiddler.CertMaker>11-CreateCert(something.com) => (-1)
Results from C:\Program Files (x86)\Fiddler2\MakeCert.exe -pe -ss my -n "CN=something.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky exchange -in DO_NOT_TRUST_FiddlerRoot -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a sha256 -m 132 -b 09/04/2018

Error: Fail to acquire a security provider from the issuer's certificate
Failed
-------------------------------------------

17:27:48:8222 Fiddler.CertMaker> [C:\Program Files (x86)\Fiddler2\MakeCert.exe -pe -ss my -n "CN=something.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky exchange -in DO_NOT_TRUST_FiddlerRoot -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a sha256 -m 132 -b 09/04/2018 ] Returned Error: Creation of the interception certificate failed.

makecert.exe returned -1.

Results from C:\Program Files (x86)\Fiddler2\MakeCert.exe -pe -ss my -n "CN=something.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky exchange -in DO_NOT_TRUST_FiddlerRoot -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a sha256 -m 132 -b 09/04/2018

Error: Fail to acquire a security provider from the issuer's certificate
Failed
-------------------------------------------

Fiddler v4.5.1.2

need help

I did what you said and now my app isn't running at all. Giving this error:

java.rmi.RemoteException: Error when invoking remote method: somesoapservice; nested exception is:
    java.lang.reflect.InvocationTargetException
Caused by: javax.xml.ws.soap.SOAPFaultException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
Caused by: com.ibm.jsse2.util.h: KeyUsage does not allow digital signatures

Can you update these instructions they weren't right for me. I had to create the DWORD string and give is the value of my port. It did not already exist.

I'm getting this error along with "KeyUsage does not allow digital signatures" error.

CWPKI0022E: SSL HANDSHAKE FAILURE:  A signer with SubjectDN "CN=myservice.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" was sent from target host:port "127.0.0.1:8888".  The signer may need to be added to local trust store "C:/Program Files (x86)/IBM/WebSphere/AppServer/profiles/AppSrv01/config/cells/MYNode01Cell/nodes/MYNode01/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings" loaded from SSL configuration file "security.xml".  The extended error message from the SSL handshake exception is: "KeyUsage does not allow digital signatures".

As you can see I've already added the fiddler and myservice.com cert to my trust.p12 that's shown in the above error. However I think it's looking for the cert Fiddler created for myservice.com. I don't know where that cert is or why I would need to add it.
$ keytool -list -v -keystore  trust.p12
Enter keystore password:  WebAS
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: fiddlernew
Creation date: Sep 11, 2019
Entry type: trustedCertEntry

Owner: CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com
Issuer: CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com
Serial number: 414c37d1e9259bb6431f9bd685b66439
Valid from: Sun Sep 09 06:28:18 EDT 2018 until: Sun Sep 08 06:28:18 EDT 2024
Certificate fingerprints:
         MD5:  23:46:FD:3B:30:16:9D:98:68:2A:8B:64:6C:32:CA:A7
         SHA1: 23:B0:43:DF:37:1A:C7:2E:BB:D4:47:A1:ED:24:86:9B:1F:CA:04:6A
         SHA256: EB:39:30:D0:31:41:3F:28:DE:2F:B2:1A:A7:87:E0:99:A7:D4:9D:EB:A2:24:65:B5:26:EA:38:3A:AD:43:66:43
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

#2: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
]

#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6B 59 E5 48 17 90 8D A8   69 20 C2 A3 9C 79 1E 9F  kY.H....i ...y..
0010: 9E A9 7F 8D                                        ....
]
]



*******************************************
*******************************************


Alias name: myservice
Creation date: Sep 11, 2019
Entry type: trustedCertEntry

Owner: CN=myservice.com......the rest of my myservice.com ...

 

 

I'm trying different ciphers now incase it's a cipher issue instead of a cert one. I was able to run my app and hit myservice.com fine, the request just werent showing in Fiddler. But now the requests don't complete.

Fiddler Dev Log

16:19:40:9857 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. on pipe to (CN=myservice.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
16:42:14:1337 !SecureClientPipeDirect failed: System.IO.IOException Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. < A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond on pipe to (CN=myservice.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)

I finally got it working. I had to disable all SSL_ECDHE_* and SSL_DHE_* ciphers in my WebSphere 8.5.0.0. Now it's using SSL_RSA_WITH_AES_128_GCM_SHA256 to connect successfully. I'm pretty sure this defect was the cause of my issue.
http://www-01.ibm.com/support/docview.wss?uid=swg1PM68915