This is a migrated thread and some comments may be shown as answers.

Your connection is not private - NET::ERR_CERT_INVALID

khalid asked on 09 Jan 2015, 11:14 AM
Hi,

Visiting HTTPS sites like https://google.com, etc. from a non-administrator Windows account shows the following error in Chrome:

Note: There are no issues with the Administrator account. Also, the latest Fiddler DLL is used.

Kindly suggest.

=====ERROR=========================

Your connection is not private

NET::ERR_CERT_INVALID

Subject: www.google.co.in
Issuer: DO_NOT_TRUST_FiddlerRoot
Expires on: Jan 9, 2025
Current date: Jan 9, 2015

5 Answers, 1 is accepted

0
Eric Lawrence
Telerik team
answered on 10 Jan 2015, 04:10 PM
This message simply means that the Fiddler root certificate is not trusted.

If you hit this in Fiddler, you should disable HTTPS decryption (using Tools > Fiddler Options > HTTPS) and then reenable. Accept the prompt to trust the certificate.

If you hit this in FiddlerCore, did your FiddlerCore application manually trust the Fiddler root certificate? How did it do so? If you try to add the root to the MACHINE context store, the call will fail with Access Denied unless your FiddlerCore app is run as an administrator. When you add it to the USER context store, the request will show a dialog box before trusting the certificate.

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
0
khalid
Top achievements
Rank 1
answered on 12 Jan 2015, 05:16 AM
Hello Eric,

We have used FiddlerCore.dll in a C# application. The following is our code to create and trust the root:

The application does not require any user intervention and needs to work with the same functionality for all users.

Kindly suggest.

===
bool bCreatedRootCertificate = false,
     bTrustedRootCert = false;

// Create the Fiddler root certificate if it does not exist yet.
if (!Fiddler.CertMaker.rootCertExists())
{
    bCreatedRootCertificate = Fiddler.CertMaker.createRootCert();
    if (!bCreatedRootCertificate) return false;
}

// Add the root to the machine-wide trusted root store.
setMachineTrust(Fiddler.CertMaker.GetRootCertificate());

// Ask FiddlerCore to trust the root if it is still not trusted.
if (!Fiddler.CertMaker.rootCertIsTrusted())
{
    bTrustedRootCert = Fiddler.CertMaker.trustRootCert();
    if (!bTrustedRootCert) return false;
}
===

// Requires: using System.Security.Cryptography.X509Certificates;
private static bool setMachineTrust(X509Certificate2 oRootCert)
{
    // Trusted Root Certification Authorities store of the local machine.
    X509Store certStore = new X509Store(StoreName.Root,
                                        StoreLocation.LocalMachine);
    certStore.Open(OpenFlags.ReadWrite);

    try
    {
        certStore.Add(oRootCert);
    }
    finally
    {
        certStore.Close();
    }

    return true;
}

0
Eric Lawrence
Telerik team
answered on 12 Jan 2015, 03:26 PM
If you want setMachineTrust to function, your code must be run as an administrator. For obvious security reasons, you cannot reconfigure the machine's trusted certificate store unless you are running with Administrative permissions.

Regards,
Eric Lawrence
Telerik
 


 
0
khalid
Top achievements
Rank 1
answered on 13 Jan 2015, 09:03 AM
Thanks for your help Eric,

As mentioned, we are using FiddlerCore, and so now the Windows user (non-administrator) is getting a dialog box for trusting the certificate.

If we use a code signing certificate from Verisign, is there a possibility to trust the certificate programmatically, and therefore avoid the dialog box for the user?

Or are there any other ways to avoid the dialog box and still trust the cert?

Kindly let me know.
Thanks
0
Eric Lawrence
Telerik team
answered on 13 Jan 2015, 03:44 PM
There are two places to get the certificate trusted:

1. In the machine store (requires admin)
2. In the user store (does not require admin, does show prompt)

I've been told that there are ways to get the certificate in the user-store without showing the prompt, but they are not documented by Microsoft.
 
Generally speaking, your best bet would be to have your installer (running as admin) trust the certificate.

Regards,
Eric Lawrence
Telerik
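
The two store options described in this thread, written with the documented X509Store API as an added example; it is not code from the thread or from FiddlerCore. `RootTrustHelper` and its method names are hypothetical: an elevated installer would call `Trust`, and the uninstaller would call `Untrust` so the interception root is removed with the application.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Hypothetical helper (not part of FiddlerCore).
static class RootTrustHelper
{
    public static bool IsElevated()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            return new WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator);
    }

    static bool Contains(X509Store store, X509Certificate2 cert)
    {
        return store.Certificates
                    .Find(X509FindType.FindByThumbprint, cert.Thumbprint, false).Count > 0;
    }

    // Returns the store location that now trusts the root, or null on failure.
    public static StoreLocation? Trust(X509Certificate2 root)
    {
        // Machine store needs admin; the user store does not, but Windows prompts.
        StoreLocation location = IsElevated() ? StoreLocation.LocalMachine
                                              : StoreLocation.CurrentUser;
        var store = new X509Store(StoreName.Root, location);
        try
        {
            store.Open(OpenFlags.ReadWrite);
            if (!Contains(store, root)) store.Add(root);
            return location;
        }
        catch (CryptographicException) { return null; } // denied, or prompt declined
        finally { store.Close(); }
    }

    // Removes the root again; call with the location that Trust returned.
    public static void Untrust(X509Certificate2 root, StoreLocation location)
    {
        var store = new X509Store(StoreName.Root, location);
        try
        {
            store.Open(OpenFlags.ReadWrite);
            if (Contains(store, root)) store.Remove(root);
        }
        finally { store.Close(); }
    }
}
```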
 


 