This is a migrated thread and some comments may be shown as answers.

"makecert.exe returned -1" When attempting to decrypt HTTPS Traffic

6 Answers 76 Views
Fiddler Classic
This is a migrated thread and some comments may be shown as answers.
David
Top achievements
Rank 2
David asked on 09 Jun 2014, 08:05 PM
Whenever I attempt to decrypt HTTPS traffic with Fiddler (something that once upon a time worked for me) I get an error very similar to the following:

Creation of the interception certificate failed.

makecert.exe returned -1.

Results from C:\Program Files (x86)\Fiddler2\MakeCert.exe -pe -ss my -n "CN=manage.windowsazure.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky exchange -in DO_NOT_TRUST_FiddlerRoot -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a sha1 -m 132 -b 06/08/2013

Error: Fail to acquire a security provider from the issuer's certificate
Failed
--------------------------------------------------------

I have already attempted the repair steps documented here to no avail: http://stackoverflow.com/questions/5519418/fiddler2-unable-to-generate-certificate

6 Answers, 1 is accepted

Sort by
0
David
Top achievements
Rank 2
answered on 09 Jun 2014, 08:19 PM
The link in my original post is bad, here is an updated one: http://stackoverflow.com/questions/5519418/fiddler2-unable-to-generate-certificate
0
Accepted
Eric Lawrence
Telerik team
answered on 09 Jun 2014, 09:05 PM
Hello, David--

The error message in question is typically seen when a 3rd party PKI security package is installed and interfering with the creation of certificates.

It's not clear to me what exactly you've tried so far. Often, the simplest fix is to just install the Fiddler CertMaker add-on: http://fiddler2.com/r/?fiddlercertmaker


Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
0
David
Top achievements
Rank 2
answered on 09 Jun 2014, 09:09 PM
Eric,

Beautiful.  It seems my problem is solved.

Thank you!

David C
0
Neil
Top achievements
Rank 1
answered on 09 Feb 2015, 08:21 PM
Old post, sorry, but I am looking for some more help.  I also had this working at one point and it broke.  Now I do believe it has to do with soem security changes at work, however, I follwoed these instructions which then fixed the issue of the makecert.exe errors.

However, now any SSL traffic within my browser (or phone, when I connect remotely) are not working due to the normal "Your connection is not private" error which does not allow me to continue either within a desktop browser, or my phone (Android)

I have already installed Fiddler's root certificate in both my laptops "Trusted" cert store and installed it on Android, for both "Wi-fi" and "VPN and Apps" but it does not seem to be working.
0
Eric Lawrence
Telerik team
answered on 09 Feb 2015, 08:24 PM
It would be best to start a new post rather than reviving an old post on an unrelated error.

If you send the exact text of the error page in Internet Explorer, I'd be happy to help you. Please be sure to include your Fiddler version number from Help > About, as well as the text from Fiddler's LOG tab.

Typically, the problem is that the client has previously trusted an old (and different) Fiddler root certificate and you need to remove that old certificate before attempting to trust the new one.

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
0
Neil
Top achievements
Rank 1
answered on 09 Feb 2015, 08:28 PM
Thanks Eric.

I am unable to edit or delete any posts it seems, but please disregard my question.

Once one installs FiddlerCertMaker addon, it appears you have to re-export and re-install the FiddlerRoot cert on any devices.  This solved my issue.
Tags
Fiddler Classic
Asked by
David
Top achievements
Rank 2
Answers by
David
Top achievements
Rank 2
Eric Lawrence
Telerik team
Neil
Top achievements
Rank 1
Share this question
or