This is a migrated thread and some comments may be shown as answers.

Valid Official Certificate

1 Answer 37 Views
Fiddler Classic
This is a migrated thread and some comments may be shown as answers.
Pascal
Top achievements
Rank 1
Pascal asked on 12 Jul 2014, 07:48 AM
Hello,
Is it possible to install a official certificate (like a purshased VeriSign certificate) instead of the auto generated certifcate by fiddler ?
Thanks
Pascal

1 Answer, 1 is accepted

Sort by
0
Eric Lawrence
Telerik team
answered on 14 Jul 2014, 08:15 PM
Hello, Pascal--

VeriSign will not sell you a "root" or "CA" certificate that can sign other certificates (which is what Fiddler uses to intercept traffic). They will sell you an "end-entity" or "server" certificate, which is used by a single server.

If you buy such a certificate and thus have its private key, then yes, you are able to use that certificate for that specific server. To do so, click Rules > Customize Rules > Scroll to OnBoot, and add the following

  // Connections to https://example.com will use the cert in cert.pfx
  CertMaker.StoreCert("
example.com", "C:\\temp\\cert.pfx", "TopSecretPassword");

Having said that, this is generally not a very good idea, because it means that your super-sensitive private key is getting stored on a relatively low-trust developer machine. Generally, you should only ever install a publicly-trusted certificate on a protected and properly-configured front-end server.

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
Tags
Fiddler Classic
Asked by
Pascal
Top achievements
Rank 1
Answers by
Eric Lawrence
Telerik team
Share this question
or