Hello everyone,
I am trying to use a certificate that I have in the Windows Certificate Store with Fiddler.
In fact, I am running Fiddler on the server that is using the certificate in IIS.
I load the certificate, to avoid the Fiddler certificate, with the following code in Customize Rules:
var certName: String = new String("servername")
var oCert: X509Certificate2 = CertMaker.FindCert(certName)
var result = false
MessageBox.Show(oCert)
result = CertMaker.StoreCert("servername", oCert);
MessageBox.Show(result)
In line 4 I show the certificate and it is correct.
In line 6 I verify that the certificate is loaded (true).
But if I try to access it with the browser, Fiddler shows it is capturing and decrypting, but with the Fiddler certificate (DO_NOT_TRUST_FiddlerRoot).
Can you help me use the correct certificate installed in the Windows store?
I am trying to follow something like:
The CertEnroll Certificate Generator (telerik.com)
I have colleagues using it with a pfx file:
CertMaker.StoreCert("example.com", "C:\\temp\\cert.pfx", "TopSecretPassword");
but I want to use the other method:
CertMaker.StoreCert("example.com", certMyCert);
Any idea?
Thanks in advance.
Hi Eric,
Sorry for the delay but I just saw your message.
Reading the documentation of CertMaker:
https://www.fiddlerbook.com/om/html/C2569A4.htm
CertMaker Class
This class is used to find and create certificates for use in HTTPS interception. The default implementation (DefaultCertProvider object) uses the Windows Certificate store, but if a plugin ICertificateProvider is provided, it is used instead.
Reading that, my understanding is that CertMaker will use the Windows Certificate Store. Is it limited in some way to only the ones created by Fiddler?
CertMaker should have been named CertSource-- it is an object that, when asked for a certificate valid for a given hostname, returns such a certificate.
The default provider wrapped by CertMaker is CertEnroll, which first searches its memory cache and then the Windows cert store for a matching certificate*, and if one is not found, creates one using the Windows CertEnroll COM APIs.
* Crucially, however, the search of the cert store looks for certificates created by Fiddler. It could have instead searched for any matching cert that has a private key, but it never occurred to me that this would be useful, because it's extremely unusual to have a server's "real" private key on a client box running Fiddler.
So, the workaround is to explicitly tell the CertMaker "For this hostname, use this cert/key" via the StoreCert API.
Thanks for the information. As you said, CertMaker.FindCert returns a Fiddler certificate instead of the one from the public CA that is available, so I use the following lines to select a certificate from the Windows store:
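// Requires "import System.Security.Cryptography.X509Certificates;" at the top of the script
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
// Last argument (validOnly) is false: return the match even if chain validation fails
var certs = store.Certificates.Find(X509FindType.FindByThumbprint, "1234567890ABCDE123456789ABCDE", false);
store.Close();
// Find returns a collection; pass the first (only) match for this thumbprint
CertMaker.StoreCert("hostname", certs[0]);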
And now it is working!!
I'll give you some insight into why I am using the original certificate.
I work on support for a server-side application, so I run Fiddler on the server side and direct the client to use the same server as a proxy; I can then see all the communications, which helps me in the analysis.
It is the other way around, to use Fiddler without the certificate issue on the customer side.
Thank you very much for your help!!
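
A more defensive form of the store lookup from this thread, as an added example that is not from either poster or from Fiddler itself: before calling CertMaker.StoreCert it checks that exactly one certificate matches the thumbprint, that it carries a private key, and that it is inside its validity period. BindStoreCert is a hypothetical helper name, the hostname and thumbprint in the sample call are placeholders, and the code assumes `import System.Security.Cryptography.X509Certificates;` sits with the other imports at the top of CustomRules.js.

```jscript
// Added example (FiddlerScript / JScript.NET). Place inside class Handlers.
// Hypothetical helper: binds a certificate from LocalMachine\My to a hostname.
static function BindStoreCert(sHost: String, sThumbprint: String): boolean {
    // Thumbprints pasted from the certificate dialog can contain spaces or an
    // invisible leading character; keep only the hex digits.
    var sClean: String = System.Text.RegularExpressions.Regex.Replace(
        sThumbprint, "[^0-9A-Fa-f]", "").ToUpperInvariant();

    var store: X509Store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    try {
        // validOnly = false so an expired or untrusted match is still returned
        // and can be reported below instead of silently vanishing.
        var certs: X509Certificate2Collection =
            store.Certificates.Find(X509FindType.FindByThumbprint, sClean, false);
        if (certs.Count != 1) {
            FiddlerApplication.Log.LogString(
                "BindStoreCert: expected 1 match for thumbprint, found " + certs.Count);
            return false;
        }

        var cert: X509Certificate2 = certs[0];
        // Without the private key Fiddler cannot answer the TLS handshake
        // with this certificate.
        if (!cert.HasPrivateKey) {
            FiddlerApplication.Log.LogString("BindStoreCert: certificate has no private key");
            return false;
        }
        // Clients will reject a certificate outside its validity window.
        if (DateTime.Compare(DateTime.Now, cert.NotBefore) < 0 ||
            DateTime.Compare(DateTime.Now, cert.NotAfter) > 0) {
            FiddlerApplication.Log.LogString("BindStoreCert: certificate is outside its validity period");
            return false;
        }

        // Same call the thread settles on: "for this hostname, use this cert/key".
        return CertMaker.StoreCert(sHost, cert);
    } finally {
        store.Close();
    }
}

// Sample call (placeholder values), e.g. from OnBoot():
//   BindStoreCert("hostname", "1234567890ABCDE123456789ABCDE");
```

HasPrivateKey only reports that a key is associated with the certificate; the account running Fiddler still needs read access to that key in the machine store.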