Valid Official Certificate

2 posts, 0 answers
  1. Pascal
    Pascal avatar
    2 posts
    Member since:
    Jan 2013

    Posted 12 Jul 2014 Link to this post

    Is it possible to install a official certificate (like a purshased VeriSign certificate) instead of the auto generated certifcate by fiddler ?
  2. Eric Lawrence
    Eric Lawrence avatar
    832 posts

    Posted 14 Jul 2014 Link to this post

    Hello, Pascal--

    VeriSign will not sell you a "root" or "CA" certificate that can sign other certificates (which is what Fiddler uses to intercept traffic). They will sell you an "end-entity" or "server" certificate, which is used by a single server.

    If you buy such a certificate and thus have its private key, then yes, you are able to use that certificate for that specific server. To do so, click Rules > Customize Rules > Scroll to OnBoot, and add the following

      // Connections to will use the cert in cert.pfx
      CertMaker.StoreCert("", "C:\\temp\\cert.pfx", "TopSecretPassword");

    Having said that, this is generally not a very good idea, because it means that your super-sensitive private key is getting stored on a relatively low-trust developer machine. Generally, you should only ever install a publicly-trusted certificate on a protected and properly-configured front-end server.

    Eric Lawrence

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

Back to Top