Re: Problem with https on Windows XP after running FiddlerCertMaker.exe


EricLaw

Feb 9, 2013, 8:40:28 AM
to httpf...@googlegroups.com
The current version of the Fiddler certificate maker plugin works fine on Windows XP; assuming you have an older one, you can simply install the new one from the Fiddler Website and it should work. If it doesn't work, please send me the text from Fiddler's Log tab after it fails to create a certificate.

Having said that, to remove the Fiddler Certificate Maker, you should be able to simply run its uninstaller (it's separate from Fiddler's) or delete CertMaker.dll from Fiddler's installation folder.

kerryb

Feb 11, 2013, 11:34:27 AM
to httpf...@googlegroups.com

I had tried all the latest versions from the Fiddler site. Whenever I try to go to an HTTPS URL, the following is an example of what I get in the Fiddler Log tab:

11:29:30:0984 /Fiddler.CertMaker>16-CreateCert(www.google.com) => (0).
11:29:30:0984 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe 480,481, (CN=www.google.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com
11:29:30:2546 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe 482, (CN=www.google.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com

EricLaw

Feb 11, 2013, 11:42:24 AM
to httpf...@googlegroups.com
2. In Fiddler, type prefs set fiddler.certmaker.bc.Debug True

Then, try visiting an HTTPS site in the browser. What's the output on the Log tab?

kerryb

Feb 11, 2013, 12:30:13 PM
to httpf...@googlegroups.com

-= Fiddler Event Log =-
See http://www.fiddler2.com/redir/?id=FiddlerLog for details.

12:27:41:8750 Fiddler Running...
12:27:50:9531 Fiddler ICertificateProvider v1.4.3.4 loaded.
fiddler.certmaker.bc.Debug: True
12:27:50:9531 Fiddler.BCCertMaker> Asked to MakeNewCert(www.google.com) from thread 11...
12:27:51:0312 Proceeding to generate (www.google.com) on thread 11.
12:27:51:1093 !Fiddler.BCCertMaker> Creating new Root certificate from thread #11
12:27:51:5937 Fiddler.BCCertMaker> Root certificate created.
12:27:51:6406 Fiddler.BCCertMaker> CreatingCert for: www.google.com
12:27:51:7343 Fiddler.BCCertMaker> PrivateKey Generation took: 92ms.
12:27:51:7500 Fiddler.BCCertMaker> EECert Generation took: 116ms in total.
12:27:51:7812 Fiddler.BCCertMaker> Converting BCKey to DotNetKey using CSP Provider type: 1
12:27:52:6093 ContainerInfo for www.google.com's Certificate's PrivateKey
KCName:FiddlerBCKey
Exportable:True
IsMachine:False
Protected:False
Removable:False
Provider:Entrust Default Cryptographic Provider (1)
UniqueName:6126ce6d65fe3c035ce2d7d51f5a45f2_4dfe6791-5aee-4db4-becf-5fa84bf4e308
RandomlyGenerated:False

12:27:52:6093 Fiddler.BCCertMaker> BC-to-.NET Conversion took: 852ms.
12:27:52:6093 Fiddler.BCCertMaker> Caching EECert for www.google.com
12:27:52:6093 /Signaling [www.google.com] is ready, created by thread 11.
12:27:52:6875 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe 2, (CN=www.google.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com
12:27:52:7968 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe 3, (CN=www.google.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com


EricLaw

Feb 11, 2013, 2:51:19 PM
to httpf...@googlegroups.com
The problem is here: "Provider:Entrust Default Cryptographic Provider (1)"
 
This means that you have some software on your computer from a company called "Entrust" which has replaced your system's cryptographic service provider and it's apparently buggy.
 
If you can't uninstall that software, you might try this:
 
prefs set fiddler.certmaker.bc.KeyProviderType 24
 
Then restart Fiddler.
 
Please let me know if this helps, and if not, what the log tab says.
 
thanks!
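
The check described in the message above, as an added example that is not part of the original post and is not Fiddler's code: it pairs each ContainerInfo `Provider:` line in a Fiddler debug log with later SecureClientPipeDirect failures for the same host. The sample log is constructed in the format seen in this thread, and treating any provider whose name does not start with "Microsoft" as non-stock is an assumption of the example.

```python
import re

# Assumption of this example: CSPs that ship with Windows have names starting
# with "Microsoft"; any other name, or an empty one, is flagged for follow-up.
STOCK_PREFIX = "Microsoft "

CONTAINER_RE = re.compile(r"ContainerInfo for (\S+?)'s Certificate's PrivateKey")
PROVIDER_RE = re.compile(r"^Provider:\s*(.*?)\s*\((\d+)\)$")
FAIL_RE = re.compile(r"!SecureClientPipeDirect failed: .*?\(CN=([^,]+),")

# Constructed sample in the format of the logs posted in this thread.
SAMPLE_LOG = """\
12:00:00:0000 ContainerInfo for a.example.test's Certificate's PrivateKey
KCName:FiddlerBCKey
Provider:Entrust Default Cryptographic Provider (1)
12:00:00:1000 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe 2, (CN=a.example.test, O=DO_NOT_TRUST_BC
12:00:00:2000 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe 3, (CN=a.example.test, O=DO_NOT_TRUST_BC
12:00:01:0000 ContainerInfo for b.example.test's Certificate's PrivateKey
Provider: (24)
12:00:01:1000 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe 4, (CN=b.example.test, O=DO_NOT_TRUST_BC
12:00:02:0000 ContainerInfo for c.example.test's Certificate's PrivateKey
Provider:Microsoft Strong Cryptographic Provider (1)
"""


def triage(log_text):
    """Return one record per generated key: host, provider, type, stock, failures."""
    records, latest, current = [], {}, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := CONTAINER_RE.search(line):
            current = {"host": m.group(1), "provider": None, "type": None,
                       "stock": False, "failures": 0}
            records.append(current)
            latest[current["host"]] = current
        elif (m := PROVIDER_RE.match(line)) and current:
            current.update(provider=m.group(1), type=int(m.group(2)),
                           stock=m.group(1).startswith(STOCK_PREFIX))
        elif (m := FAIL_RE.search(line)) and m.group(1) in latest:
            latest[m.group(1)]["failures"] += 1  # handshake failed with this key
    return records


def suspects(records):
    """Hosts whose key sits in a non-stock (or unnamed) CSP and whose handshake failed."""
    return [r["host"] for r in records if not r["stock"] and r["failures"]]


if __name__ == "__main__":
    print("follow up:", suspects(triage(SAMPLE_LOG)))
```

A provider line with an empty name, like the `Provider: (24)` case, is reported rather than skipped, since the log then gives no evidence of which CSP handled the key.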

kerryb

Feb 11, 2013, 3:02:53 PM
to httpf...@googlegroups.com
Tried it. Same result as before. Here is the log:

-= Fiddler Event Log =-

15:00:38:7128 Fiddler.BCCertMaker> Asked to MakeNewCert(www.google.com) from thread 13...
15:00:38:7128 Proceeding to generate (www.google.com) on thread 13.
15:00:38:7128 Fiddler.BCCertMaker> CreatingCert for: www.google.com
15:00:38:7128 Fiddler.BCCertMaker> PrivateKey Generation took: 0ms.
15:00:38:7284 Fiddler.BCCertMaker> EECert Generation took: 8ms in total.
15:00:38:7284 Fiddler.BCCertMaker> Converting BCKey to DotNetKey using CSP Provider type: 24
15:00:38:7596 ContainerInfo for www.google.com's Certificate's PrivateKey
KCName:FiddlerBCKey
Exportable:True
IsMachine:False
Protected:False
Removable:False
Provider: (24)
UniqueName:6126ce6d65fe3c035ce2d7d51f5a45f2_4dfe6791-5aee-4db4-becf-5fa84bf4e308
RandomlyGenerated:False

15:00:38:7596 Fiddler.BCCertMaker> BC-to-.NET Conversion took: 29ms.
15:00:38:7596 Fiddler.BCCertMaker> Caching EECert for www.google.com
15:00:38:7596 /Signaling [www.google.com] is ready, created by thread 13.
15:00:38:7596 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe 96, (CN=www.google.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com
15:00:38:8534 !SecureClientPipeDirect failed: The credentials supplied to the package were not recognized on pipe 97, (CN=www.google.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com


EricLaw

Feb 11, 2013, 3:13:06 PM
to httpf...@googlegroups.com
Hrm... I'll probably need to do more research on this. Do you know what Entrust software you have installed, and why? (Are there entries in your Add/Remove Programs control panel?)

kerryb

Feb 11, 2013, 4:42:55 PM
to httpf...@googlegroups.com
It's installed by my system admin. It's from entrust.com. Not sure what exact version. It doesn't show up in Add/Remove Programs.

EricLaw

Feb 19, 2013, 11:57:20 AM
to httpf...@googlegroups.com
Backing up a bit-- if you leave the Entrust keys in place, and install the Fiddler Certificate Maker (http://www.fiddler2.com/dl/FiddlerCertMaker.exe) and restart Fiddler, what error message(s) do you see in the Log tab when you try to navigate to HTTPS sites?

EricLaw

Feb 21, 2013, 1:33:25 PM
to httpf...@googlegroups.com
When FiddlerCertMaker is installed, the fiddler.certmaker.Root.extraparams preference isn't used for anything. (That preference affects the default certmaker).
 
>interestingly, I was not able to login to Google to post this reply with Fiddler active
 
Did you manually configure Firefox to trust the latest FiddlerRoot certificate that you generated? Firefox doesn't respect the system's trusted roots list, so it requires manual configuration.
 