I just downloaded and installed Fiddler on my Ubuntu 16.04 machine (Love it on my Windows machine). Getting the Fiddler certificate installed for Chrome and Firefox was surprisingly easy (I thought I would have to do some converting).
However, when I try to add the same CER file to the system wide trusted certificates, my OS tells me that the FiddlerRoot.pem does not contain a certificate (output pasted below). I am wondering if this is a known issue since this is still in beta phase or if I am doing something wrong.
I am trying to do this so when I run things through the terminal Fiddler will pick them up - specifically HTTPS requests.
test@GPA-HSW04:/usr/lib/mono/4.5$ sudo cp '/home/test/Desktop/FiddlerRoot.cer' '/usr/share/ca-certificates/FiddlerRoot.crt'
test@GPA-HSW04:/usr/lib/mono/4.5$ sudo dpkg-reconfigure ca-certificatesProcessing triggers for ca-certificates (20160104ubuntu1) ...
Updating certificates in /etc/ssl/certs...
WARNING: FiddlerRoot.pem does not contain a certificate or CRL: skipping
9 Answers, 1 is accepted
Update to say that it looks like I solved my own problem.
I noticed that the FiddlerRoot certificate that I was trying to add to the system didn't look like what I imported into Firefox (The Firefox one contain the key info). I exported the certificate I had in FireFox and updated the system certs with that file - that one took and now HTTPS requests coming from terminal commands are decoded in Fiddler. =D
The odd thing was the the system didn't want to take the certificate that I exported directly from Fiddler, but Firefox did - maybe a beta limitation?
I'm trying to get fiddler configured for https on Ubuntu 14.04 and keep getting Secure connection Failed. I have errors both on Chrome and FF. I have used it on this machine before for a machine-local server.
I'm testing by trying to goto google.com which redirects to https://google.com - does this work for you?
Did you follow some online procedure to set it up? if so what are you steps?
I have the following:
Fiddler > options > https Capture Https Connections, Decrypt Https Traffic, from all processes
> Connections port 8888, Allow Remote Comps, Reuse client, reuse server (tried with these unchecked also)
Act as a sys proxy on startup, Monitor All connections
I exported cert to desktop FiddlerRoot.crt
On Chrome > Settings > Advanced > HTTPS/SSL Manage certs > You Certs > import > (change to all types) > FiddlerRoot.cer (not crt)
I get an error on import Certificate Import Error - The Private Key for this Client Certificate is missing or invalid
I generated Cert by using FF: 127.0.0.1:8888 (download FiddlerRoot cert)
I just tried using Chrome to gen the cert, it downloaded, i clicked on it (from within the browser download) which opened up the key.
it looks ok, but when I try to import its asking for a PIN - no idea what this pin is. I built the box and have admin privilege
any help would be great
Did you try exporting the certificate by clicking the relevant option in Options ->> HTTPS -> Actions?
Telerik by Progress
I came back here since I needed to reinstall Ubuntu which meant I needed to set up Fiddler again and I couldn't remember what I did. After reading my posts above I still can't remember.
I think I am inching closer to getting this certificate to recognize. By that I mean that when I went to Google a few hours ago, while using Fiddler, I would see the 'Connection Not Secure message' - which I think means Google is just actively refusing to recognize Fiddler's certificate. Now, I am getting a This Site Can't Be Reached page (ERR_SOCKET_NOT_CONNECTED) page.
I have tried a number of different things today to try to get this to work, but this is what I did with my last attempt:
- Installed mono 4.8.0
- Did not run the '/usr/lib/mono//mozroots --import --sync' command from the Linux setup page since when I tried I got a message in Terminal saying that mozroots is depreciated and to use client_sync instead. (client_sync seems to just update the mono cert store with whatever CRT file you pass to it.
- Installed Fiddler (Left it as default as I could - using 8888 as listing port)
- Ticked the 'Decrpyt HTTPS' box in Fiddler
- Exported the Fiddler certificate to the desktop
- Converted the CER cert file to PEM format (CRT specifically) with openssl (CA-certificates on ubuntu needs a PEM formatted cert file and the CER file Fiddler exports is in a binary format.)
- Copied the CRT file to /usr/share/ca-certificates/
- From terminal ran 'sudo dpkg-reconfigure ca-certificates' (Clicked 'Ask' then 'OK') (this re configures ca-certificates, runs update-ca-certificate, and updates mono cert store (by running client_sync from mono and passes it the updated ca-certificates.crt file that this process creates). This places a PEM version of the Fiddler CRT file into /etc/ssl/ca-certificates/ and packages it into the bigger ca-certificates.conf file which lists out all the certs that is in your root authority.
This is pretty much where I am at right now. Turning Fiddler off - I can get to Google just fine, turning it on gives me the page I mentioned at the top of this post. I can see all other HTTP requests as expected.
When I got this to work last time, I was reading a lot of suggestions of the web for how to get a CA certificate installed on Ubuntu and tried to pick that trail up again, but everything I read has since blended together. I do vaguely remember importing the Fiddler cert file into Firefox as a Person, exporting that cert, then importing the file I just exported back into FF as a CA trusted root, then deleted the person cert that I installed in the first place. I think I them used the cert exported from FF to import to the system with -update-ca-certificates'. I have no idea if this was a critical step or not.
I was also playing around with mitmproxy at the same time which also needed a proxy - again, no idea if that helped the process at all.
@Tim - I see 'Certificate Import Error - The Private Key for this Client Certificate is missing or invalid' when attempting to import the cert file as anything except a trusted root in Chrome or FF.
I am basically throwing things at a wall right now and seeing what sticks.
I'm using fiddler on Ubuntu 14.04 (not the new linux beta version).
There is no [Action] button.
Is it the case Fiddler on linux/Ubuntu just doesn't handle HTTPS?
It looks like the UI is broken on your side. Could you attach a screenshot of that? Have you moved/deleted any files in the FIddler folder?
Telerik by Progress
I too hit this particular problem, the fix for me was after exporting the cert to ensure I was importing it into the "Authorities" certificate store using certificate manager within Chromium.
Since then I am able to successfully decrypt HTTPS streams and I no longer receive the annoying Chromium stoppage warning.