This is a migrated thread and some comments may be shown as answers.

Question on Fiddler Root Certificate

5 Answers 418 Views
Windows
This is a migrated thread and some comments may be shown as answers.
Carlos
Top achievements
Rank 2
Iron
Carlos asked on 14 Apr 2020, 03:00 PM

Hello there,

I know every time you install Fiddler in a different machine and enable it to decrypt HTTPS it generates a new certificate that is different for each machine and you need to install it in client devices so the decryption can happen.  I thought I had find a way around this until today it didn't work for me anymore but just want to ask in case something can still be done :-).

I built a cloud server and installed Fiddler and set it up to decrypt HTTPS then configured a bunch of devices to accept the certificate and everything was fine.  Once finished my testing since cloud servers cost money and I didn't wanna pay for it while idle I created an image and deleted the server in hopes next time I would have all the configuration and it seemed to work fine.  I recreated the server from the image a bunch of times and every time I was able to connect the devices and do my testing no problem... well, until today when I just did the same again and I'm getting the …  "!SecureClientPipeDirect failed: System.ComponentModel.Win32Exception The credentials supplied to the package were not recognized for pipe (CN=*.somerandomdomain.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)" .. which basically means if I'm correct I need to generate a new certificate which then I need to install in all the clients :-\ .. I tried just downloading the certificate again from the fiddler proxy URL but it is the same of course and if I do a binary compare using "fc.exe /b" I can confirm they're identical so it seems my only way would be to generate a new one … before I give up to that, is there anything else I could do to avoid having to do it? my main issue is I don't have all the devices on hand and now I'd have to reach to every user and explain one by one how to do this and some of them are not that tech savvy :-(

Cheers,

Carlos.

 

5 Answers, 1 is accepted

Sort by
0
Eric R | Senior Technical Support Engineer
Telerik team
answered on 14 Apr 2020, 09:22 PM

Hi Carlos,

Unfortunately, I don't think there is any option for Fiddler to work in this type of environment because I am not certain what is cleared out in storage upon server teardown and rebuild. Although, can you confirm which Certificate Generator you are using as described in the FAQ - Certificates in Fiddler post? It might work to use BouncyCastle instead of CertMaker.

Alternatively, a lower-level network monitoring tool like Wireshark might prove more useful in this scenario as well.

Please let me know if you need any additional information. Thank you and I look forward to your reply.

Regards,


Eric R | Senior Technical Support Engineer
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.
0
Carlos
Top achievements
Rank 2
Iron
answered on 15 Apr 2020, 11:24 AM

Hey Eric,

Thank you for taking the time to answer my question.  I'm already using BouncyCastle I think since it's the default Fiddler was installed with as so far I can remember. When I go to Tools/Options/HTTPS it say "Certificates generated by CertEnroll engine" 

Cheers,

Carlos.

 

 

0
Eric R | Senior Technical Support Engineer
Telerik team
answered on 16 Apr 2020, 02:22 PM

Hi Carlos,

Thank you for confirming which certificate generator is used. Although, if the scenario is still unable to work with the CertEnroll engine, then I am don't believe that Fiddler can work in this way. This is because cloud providers may change things when they tear down and rebuild the virtual machines. 

One alternative would be to build Fiddler into your application using FiddlerCore. If that is not an option, then my only recommendation would be to reconfigure after each teardown and rebuild or use a lower-level network monitoring system. 

I hope this helps. Please let me know if you have any additional questions. Thank you for using the Fiddler forums.

Regards,


Eric R | Senior Technical Support Engineer
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.
0
Carlos
Top achievements
Rank 2
Iron
answered on 16 Apr 2020, 03:24 PM
Thank you again Erik .. I read a little bit about FiddlerCore a while ago so please correct me if I'm wrong but the idea with FiddlerCore for my specific issue is that I'd be able to build my own let's say listening service allowing remote connections and providing my own certificate so it's never changing and that way I need to thrust only that one on the external devices and even if I move servers I can just port my certificate over? .. ty again :-)
0
Eric R | Senior Technical Support Engineer
Telerik team
answered on 16 Apr 2020, 04:29 PM

Hi Carlos,

I don't see any issues with building a custom service and it is definitely possible to use a Custom Root Certificate with FiddlerCore. I do recommend reviewing the FiddlerCore Configuration documentation for any special cases with how to configure everything. Note that implementing this would require a FiddlerCore Trial.

Please let me know if you need any additional information. Thank you.

Regards,


Eric R | Senior Technical Support Engineer
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.
Tags
Windows
Asked by
Carlos
Top achievements
Rank 2
Iron
Answers by
Eric R | Senior Technical Support Engineer
Telerik team
Carlos
Top achievements
Rank 2
Iron
Share this question
or