Extending the expiration date of the root certificate created by Fiddler.CertMaker.createRootCert()


Kevin Layfield

Nov 2, 2011, 12:06:34 PM
to Fiddler
The project that I am working on requires us to have control over the
expiration date of the root certificate that is created by Fiddler. I
am not certain, but it appears that currently, the root certificate
has its expiration date set to one year or so after it is created. We
are looking to set it very far in the future in order to reduce the
maintenance of these certs on our systems. Is there any way to set
the expiration date of the root cert that is created through Fiddler?
If not, could you list the parameters that are used by Fiddler's
Fiddler.CertMaker.createRootCert() function to create the cert with
makecert.exe so that I may replicate that process manually with my own
expiration date?

Thank you for your assistance and time.

Rafael Rivera

Nov 2, 2011, 12:48:38 PM
to Fiddler
Errrrr. What scenario requires that you maintain Fiddler interception certificates for longer than a few days, let alone a year? Are you using Fiddler as some sort of poor man's IDS? Sounds scary, to be honest.


EricLaw

Nov 2, 2011, 12:59:26 PM
to Fiddler
The default implementation of the certificate maker code generates a
root cert (and server certs) that are valid for 519 weeks. This seems
like it ought to be plenty for your scenario.

-Eric

Kevin Layfield

Nov 2, 2011, 2:20:41 PM
to Fiddler
Thanks Eric, after receiving your reply, we double-checked the
certificates and you're right - there is plenty of time on those
certs. The cert that we were worried about was actually from a
different system. On a related note, could you tell me what would
happen once the server certs created by Fiddler would expire?
Essentially, I'm just wondering if Fiddler would automatically create
a new one at that point. Thanks again.

EricLaw

Nov 2, 2011, 2:32:51 PM
to Fiddler
Fiddler is not presently smart enough to ignore expired certificates
when looking for a certificate to secure HTTPS traffic.

Sometime in the next 10 years, you'll have to click the "Remove
interception certificates" button to clear the Windows cache and force
Fiddler to recreate all of its certificates.

thanks,
-Eric

Kevin Layfield

Nov 2, 2011, 2:41:20 PM
to Fiddler
Sorry for the double reply here, but I just got done discussing this
with my boss and he asked me to follow up. Ten years is a substantial
amount of time, but the system we have in place could potentially
require the Fiddler root cert for more than ten years. It's something
that once we have in place, we may or may not need to change in the
future. My boss would just prefer us to be able to set the time even
farther in the future (his example was twenty years, though I do
believe he was looking for a custom expiration date) so that there is
no way that we would still be using any of the same servers then that
we are when we first generate the cert. The fear is that ten years
from now when the cert expires, if we are using any of the same
servers, we are going to start getting a ton of errors in our systems
and it will be difficult to determine the reason why. Is there any
way you can help us out with that problem?

Regards,

Kevin Layfield
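
The thread's concern is that an expired interception certificate will surface years later as unexplained errors. The following is an added example, not code from the thread or from Fiddler: a PowerShell check that reports Fiddler-issued certificates that are expired or near expiry, so the condition can be alerted on before it causes failures. The issuer pattern, the two store paths and the 90-day warning window are assumptions; confirm them against the certificates on your own system.

```powershell
# Added example: report Fiddler-issued certificates that are expired or close to expiry.
# Assumption: the issuer name matches the pattern below; check it against your own root cert.
param(
    [string]$IssuerPattern = '*DO_NOT_TRUST_FiddlerRoot*',
    [int]$WarnDays = 90
)

function Get-CertExpiryStatus {
    param(
        [Parameter(Mandatory)] [datetime]$NotAfter,
        [Parameter(Mandatory)] [datetime]$Now,
        [int]$WarnDays = 90
    )
    # Classify a certificate by how much validity it has left.
    $daysLeft = [math]::Floor(($NotAfter - $Now).TotalDays)
    if ($NotAfter -le $Now) { 'Expired' }
    elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' }
    else { 'OK' }
}

$now = Get-Date
# Assumption: generated certs live in the user's Personal store, the trusted root in Root.
$stores = 'Cert:\CurrentUser\My', 'Cert:\CurrentUser\Root'

$report = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Issuer -like $IssuerPattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store    = $store
                Subject  = $_.Subject
                NotAfter = $_.NotAfter
                DaysLeft = [math]::Floor(($_.NotAfter - $now).TotalDays)
                Status   = Get-CertExpiryStatus -NotAfter $_.NotAfter -Now $now -WarnDays $WarnDays
            }
        }
}

$report | Sort-Object NotAfter | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring agent raise an alert.
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Run on a schedule, this turns the expiry date into a monitored condition; when it reports `Expired`, the "Remove interception certificates" button mentioned above is the documented way to force regeneration.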
