How do I force Windows 10 to trust the Fiddler root certificate?

I need to intercept certain HTTPS traffic from the local application to the remote web site. On Win7 it was easy enough to achieve by using Now I am running the Windows10 box, and no matter what I do, the system does not trust the temp certificates generated by fiddler. The steps performed so far: 1. Used the action "Trust root certificate" from Fiddler settings/Https/Actions menu 2. Exported the root cert onto the desktop, imported into both Local Machine's and current users Trusted Root Authorities sections

Still IE reports "the certificate is not issued by a trusted root authority", and the client app I need to trace complains that "it is not possible to establish a secure SSL/TLS connection with the remote host", which is the same diag in other words.

3

5 Answers

I had a similar issue whereby not HTTPS traffic could be picked up by Fiddler in Windows 10.

Resolved as follows: In Fiddler (v4.6.2): Tools Menu >> Fiddler Options >> HTTPS Tab >> Actions button >> Reset All Certificates.

Apparently the issue (at least the one I was having) was caused by having a mixture of old and new certs:

I’ve made changes to the latest versions of Fiddler to improve the performance of certificate creation, and to avoid problems with new certificate validation logic coming to Chrome and Firefox. The biggest of the Fiddler changes is that CertEnroll is now the default certificate generator on Windows 7 and later. Unfortunately, this change can cause problems for users who have previously trusted the Fiddler root certificate; the browser may show an error message like NET::ERR_CERT_AUTHORITY_INVALID or The certificate was not issued by a trusted certificate authority.

Ref:

2

Ok, looks like I've figured it out. In order to fix this issue, I had to install the certificate into a specific Physical store under Trusted Root Authorities- the Enterprise one. Importing into the Registry store doesn't help.

1

I reset my certificates by Tool > Options > HTTPs > Action > Reset all certificates but it doesn't work.

This is how I fixed my problem

  • Restart service CryptSvc.
  • Right click HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
  • Permission > Current Windows Users > Full Access
  • Delete Full Key HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root
  • Restart Windows and that's it

Ref:

1

When configuring Telerik's Fiddler to handle HTTPS, I could not get root certificate installed. The error was "Failed to find the root certificate in User Root List". I solved the problem by temporarily turning off WebRoot, my antivirus program, then reattempting to enable HTTPS handling which installs Fiddler's root certificate. You may have to click the Action button on the HTTPS tab to remove/reset previous certificates before being able to create a new certificate.

1

I had the same issue after a domain migration and the following fixed it:

  • Open regedit as admin
  • Go to HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
  • Right mouse button , permissions
  • Message You do not have permissions to view the current permission settings for ProtectedRoots, but you can make permission changes.
  • Set Owner to MachineName\Administrators
  • Set your NewDomain\Username to READ
  • Set NT SERVICE\CryptSvc to Full Control (if needed)
  • Press OK and close the permissions window.
  • Re-open the permissions and change the owner to SYSTEM
  • Go to HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ and check the permissions over there. We noticed that the Owner was still OldDomain\Username

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like