When I look at the HTTPS certificates generated by Fiddler these certificates have a validity period of more than 3 years.
As more and more web browser do not accept certificates that have a validity of more than one year this leads to problems that valid certificates are rejected by the web browser just because the long validity.
I already ran into this problem using Chrome for Android...
Is there an option to configure the default validity period of the generated certificates?
3 Answers, 1 is accepted
Hi,
By default, Fiddler generates site certificates that are valid for 3 or 11 years, starting 1 year before the current date - e.g. for a certificate created on Jan 6, 2021, its validity will be from Jan 6th, 2020 to either 2023 or 2031, depending on the certificate engine used. To modify the start/end dates you need to use the "MakeCert" engine and add a specific key in the Windows Registry with the options.
First, open the Fiddler options window and navigate to the "HTTPS" tab. There you will see which engine Fiddler is using for the certificates. Look for the text "Certificates generated by ...". Click the name of the engine if it is not set to "MakeCert" and set it. If you change this value, do not forget to restart Fiddler and regenerate your root certificate! Finally, close the Fiddler app.
Next, open the Windows Registry Editor, navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fiddler2 and create a new string value, called "MakeCertParamsEE". Set it to:
-pe -ss my -n "CN={0}{1}" -sky exchange -in {2} -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a {3} -m 13 -b {4} {5}
Note the "-m 13" parameter. This parameter sets the time period in months (in this case 13 months or one year and one month) for the generated site certificates. You can change this value to one that suits you - e.g. 24 for two years. After you set the registry entry, open Fiddler and verify that newly generated certificates are using the period you set.
Finally, if you don't want the site certificates to be valid one year before today, you can modify the registry key value and replace the "-b {4}" parameter with the date you want as start. For example "-m 12 -b 12/12/2020" will make a certificate valid from 12/12/2020 to 12/11/2021.
Regards,
Lini
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.
Hey Gordey and Jan,
You could try the alternative solution discussed in this forum thread. The specific solution steps are as follows:
- Open FIddler Classic and in the QuickExec box prefs show
- On your right side, you should see a new tab that lists Fiddler preferences. Find the preferences called fiddler.certmaker.bc.ee.yearsvalid and change its value to 1 (for one year). This should change the validity for dynamically generated certificates from CertMaker to approximately one year starting seven days prior to the current day.
Alternatively, you could use the QucikExec box and directly set the value via the command as follows
prefs set fiddler.certmaker.bc.ee.yearsvalid 1
Meanwhile, the team is working on proving a long-term solution so that the dynamically generated certificates will be created with the proper validity period.
Thanks for your feedback.
I tried to configure Fiddler as you described, however using the recent Version of Fiddler Classic this seems to be impossible because the installation does not contain the `CertMaker.dll`. Thereforeswitching to "MakeCert" always fails:
10:51:57:5004 Assembly 'C:\Users\XYZ\AppData\Local\Programs\Fiddler\CertMaker.dll' was not found. Using default Certificate Generator.
I even deinstalled Fiddler, deleted all settings and made a fresh re-installation using the latest version form your website.
So if this file is required where to get it from? I wasn't able to find a trustworthy source for this dll on the internet.
Hello,
CertMaker is another way to generate certificates - it is not installed out of the box with Fiddler Classic. This error should not matter if you select the MakeCert engine. If you decide to use the CertMaker engine anyway, you can get it from http://fiddler2.com/r/?fiddlercertmaker/. Download the extension and install it with Fiddler stopped. When you start Fiddler next time, the HTTPS options will be updated to use it (see attached screenshot). Note that you will need to reset your root certificate again after updating the certificate generating engine.
Regards,
Lini
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.