Fiddler.BCCertMaker and "An unknown error occurred while processing the certificate"


term srv

May 1, 2014, 10:52:12 PM
to httpf...@googlegroups.com
Hello, I'm using Fiddler 4.4.6.2 on Windows 7 x64. I recently installed the certmaker addon, but it's an older version, "Using BCMakeCert.dll v2.0.3.0". I didn't realize it was the older version when I installed it.

I've noticed occasionally I will get this error in Firefox for random domains:
-------------------
Secure Connection Failed

An error occurred during a connection to themes.googleusercontent.com. You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. (Error code: sec_error_reused_issuer_and_serial)
-------------------

I was able to reproduce it, but not reliably, in a clean Vista x86 (nothing installed and no Crypto\RSA) virtual machine by installing:
3105c4b38d03485c1797214b7b5e00f36ec644f8 *fiddlercertmaker.exe (v2.0.3.0)
ebb9cf83350108993cf4a7531165aba417d02f34 *fiddler4setup.exe (v4.4.6.2)
1d15bbd8559cff96e954b2afa24e3c9ea4b0af2e *Firefox Setup 24.5.0esr.exe

I open Fiddler and enable HTTPS debugging but I do not trust the certificate. Instead I export the certificate to the desktop and add it in Firefox to trust it. At this point I saved the state of the machine.
Then I go to random https domains like:
www.google.com, accounts.google.com, www.youtube.com, www.yahoo.com, etc. Most of the time things work fine. Sometimes, but not all the time, I will see the error message I quoted above in Firefox and I will see this message in Fiddler's logs for some random failing domain:

21:49:18:2932 !SecureClientPipeDirect failed: A call to SSPI failed, see inner exception. < An unknown error occurred while processing the certificate on pipe to (CN=themes.googleusercontent.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com).

I had to reset the state of the virtual machine and try several times before I was successful in coaxing that out. I have since saved that state of the machine as well.


I am going to upgrade to the new certmaker.exe that is available on the website (I didn't check to see if a new one was released until I gathered all the data) but if there is anything else I can do or any more information you need please let me know. As I said I saved the state of the machine when a failure happened so if you need it I can restore that state and run some command.

Attached is a screenshot of the error message in Firefox and two Fiddler logs (I enabled fiddler.certmaker.bc.debug on both machines), one from Windows 7 x64 (themes.googleusercontent.com is bad) and one from the clean Vista x86 vm (accounts.youtube.com is bad).

Also, one more thing, I notice in the BCcert debug output UniqueName is always the same. Should it be like that?

Thanks

Capture.PNG
win7x64dupeserial.txt
winvistax86dupeserial.txt

EricLaw

May 2, 2014, 10:40:18 AM
to httpf...@googlegroups.com
The error in Fiddler's log indicates that the client closed the connection because it didn't like the certificate.

The error in Firefox occurs when a certificate's serial number isn't unique.

"UniqueName" relates to the private key container; it's not relevant here.

If you can reproduce this using the latest Certificate Maker (please let me know), you can very likely work around this problem using Tools > Fiddler Options > General > Use High Resolution Timers. I will include a better fix in the next build.

thanks,

-Eric
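
The condition behind `sec_error_reused_issuer_and_serial`, as an added example (not Fiddler's or CertMaker's code, and not part of either poster's message): a check that flags distinct certificates sharing one issuer and serial number, run against a coarse clock-derived serial scheme and a CSPRNG one. The clock-tick scheme, the 16 ms tick, the issuer name and the timestamps are assumptions constructed for illustration; the thread does not say how CertMaker derives serials.

```python
import hashlib
import secrets
from collections import defaultdict

ISSUER = "CN=EXAMPLE_PROXY_ROOT"  # constructed issuer name
# Constructed sample: (hostname, time the leaf certificate was minted, in ms)
REQUESTS = [("themes.googleusercontent.com", 1000),
            ("www.google.com", 1005),
            ("accounts.youtube.com", 1100)]

def clock_serial(now_ms, tick_ms=16):
    """Assumed weak scheme: serial = count of coarse timer ticks."""
    return now_ms // tick_ms

def random_serial(_now_ms=None):
    """127 bits from the CSPRNG: always positive and never zero."""
    return secrets.randbits(127) | 1

def issue(requests, serial_fn):
    """Mint one stand-in leaf record per host:
    (issuer, serial, subject, fingerprint)."""
    certs = []
    for host, now_ms in requests:
        serial = serial_fn(now_ms)
        # Stand-in for the hash of the DER-encoded certificate.
        fp = hashlib.sha256(f"{ISSUER}|{serial}|{host}".encode()).hexdigest()
        certs.append((ISSUER, serial, host, fp))
    return certs

def find_reused_serials(certs):
    """Map (issuer, serial) -> subjects for every pair that is carried
    by more than one distinct certificate (distinct fingerprint)."""
    seen = defaultdict(dict)
    for issuer, serial, subject, fp in certs:
        seen[(issuer, serial)][fp] = subject
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for name, fn in (("clock", clock_serial), ("random", random_serial)):
        print(name, find_reused_serials(issue(REQUESTS, fn)))
```

Two hosts minted inside the same tick collide under the clock scheme, which matches the intermittent nature of the report; seeing the same certificate twice is not flagged, only a different certificate with the same issuer and serial.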


term srv

Jun 24, 2014, 1:33:33 AM
to httpf...@googlegroups.com
Eric, I was wondering if you ended up with a fix for this issue in Fiddler. Thanks

EricLaw

Jun 24, 2014, 1:35:01 PM
to httpf...@googlegroups.com
This issue is fixed in v1.4.8.2 of the CertMaker.dll; please give the beta a shot: http://fiddlerbook.com/dl/FiddlerCertMaker.exe

thanks,
-Eric

term srv

Aug 10, 2014, 11:48:43 PM
to httpf...@googlegroups.com
I've been using the beta for a while and I can confirm the problem no longer exists. Thanks