The distinguished certificate name on the Root CA certificate

Fiddler Classic Windows
Dean asked on 12 Apr 2023, 04:08 AM | edited on 12 Apr 2023, 04:09 AM

Hey Nick,

Love the software. Could really help us in an upcoming project. One question. I've been playing with the HTTPS decryption. I've installed BouncyCastle and I'd like to run that. When the Root CA is generated, as you will know, DO_NOT_TRUST is displayed as the CA's name. This would be no good in the instance we needed to deploy Fiddler at the clients' site under our guidance. I've found some settings (prefs), namely fiddler.CertMaker.Root.ExtraParams and fiddler.CertMaker.EE.ExtraParams. I've spent hours before reaching out. I found a bug using one of the other encryption systems, where the Root pref was read into the EE variable in the system, and also vice versa, the EE pref showed up as the Root setting. I've tried passing the -n argument along with the formatted distinguished name. I've had no success, hence why I am reaching out to you. Can you please explain to me how to change the Root CA Common names for the PoC setup I'm building for an upcoming project?

Love the software and documentation. It's really great.

Warm regards

Dean

Dean commented on 12 Apr 2023, 04:24 AM

If I make a cert and key pair, base64 it, and put it in the BouncyCastle prefs would that work?

1 Answer, 1 is accepted

Nick Iliev
Telerik team
answered on 12 Apr 2023, 06:37 AM

Hello Dean,

Thank you for your feedback on Fiddler Classic!

Fiddler Classic was not designed with the option to use a custom certificate. It uses some hardcoded settings that might overwrite some custom preferences, so setting a custom certificate through the Fiddler preferences will probably not work.

That said, using a custom certificate is doable with FiddlerCore, a .NET library that you can use to create your own custom application. Details on how to pass the base64 string through FiddlerApplication.Prefs.SetStringPref can be found in the following documentation section:

https://docs.telerik.com/fiddlercore/knowledge-base/persisting-the-root-certificate-in-fiddler-core#store-certificate-keys-in-application-settings 

And specifically:

    if (!string.IsNullOrEmpty(App.Configuration.UrlCapture.Cert))
    {
        // Read the Key from Application Configuration
        FiddlerApplication.Prefs.SetStringPref("fiddler.certmaker.bc.key", App.Configuration.UrlCapture.Key);
        // Read the Cert from Application Configuration
        FiddlerApplication.Prefs.SetStringPref("fiddler.certmaker.bc.cert", App.Configuration.UrlCapture.Cert);
    }

Regards,
Nick Iliev
Progress Telerik


Dean commented on 12 Apr 2023, 07:20 AM

Thanks for getting back to me so quickly. It seems a real shame Fiddler Classic can't use a custom Root CA. I mean, I don't even mind if it's not a custom Root CA, I just want to change the common name so it is in line with our project and organisation. I realise I could do this as you said with Fiddler Core but then I have to code something you guys already made?

Nick Iliev
Telerik team
commented on 12 Apr 2023, 10:41 AM

So far, there is no option to change the common name of the Fiddler CA in Fiddler Classic. The team has acknowledged the need to update the name so that it does not sound like a threat (which was the initial idea back in the early days of Fiddler), but the change is yet to come in Fiddler Classic.

Meanwhile, you could explain to your users that it is safe to trust this certificate when using Fiddler Classic. It is named DO_NOT_TRUST_FiddlerRoot, so a system administrator can notice this is not a regular root CA. Fiddler has used this naming convention for its CA for over 13 years, so it is also a widely known name.
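
For the administrator-side check mentioned in the comment above, the following PowerShell is an added example, not part of the thread and not Telerik's code. The function name and the default store list are assumptions; the subject pattern is the certificate name quoted in the thread.

```powershell
# Added example: list Fiddler root CA certificates present in the Windows
# trusted-root stores so they can be reviewed and removed after testing.
function Find-FiddlerRootCertificate {
    [CmdletBinding()]
    param(
        # Name quoted in the thread; override if a different CA name is in use.
        [string]$SubjectPattern = 'DO_NOT_TRUST_FiddlerRoot',
        # Assumed default: the per-user and machine-wide trusted-root stores.
        [string[]]$StorePath = @('Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root')
    )

    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }

        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -like "*$SubjectPattern*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotBefore     = $_.NotBefore
                    NotAfter      = $_.NotAfter
                    Expired       = ($_.NotAfter -lt (Get-Date))
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

Find-FiddlerRootCertificate | Format-Table -AutoSize
```

CurrentUser\Root is specific to each account, so on a shared machine the check has to run in every profile that used Fiddler.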
