Where does the CertMaker add-on store certificates?


Michael

Nov 11, 2015, 12:12:52 PM
to Fiddler
Hi Eric, 
I was reading your great article http://www.telerik.com/blogs/faq---certificates-in-fiddler and one of the paragraphs states that:

CertMaker Add-on
To address each of these shortcomings, the CertMaker add-on replaces the default certificate generator with a C#-implementation based on the BouncyCastle C# library. Certificates generated by this add-on are not stored inside the Windows certificate store and include the fields required for compatibility with iOS and Android. Additionally, the add-on works properly on the Mono Framework, and thus it is the default Certificate Generator for Fiddler on Mono.


Please excuse my curiosity, I was wondering what the location of those certificates is. My other question is whether selecting the "Clear servers certs on exit" setting from the CertEnroll Preferences removes those certs from that path when you close Fiddler.

And my third question is if there is a performance impact (a significant performance impact on generating those certs and not relying on the cache).

Thanks.




EricLaw

Nov 11, 2015, 12:46:05 PM
to Fiddler
Hi, Michael--

If you run CertMgr.msc in Windows (or use the new Actions > Windows Certificate Manager command in Fiddler 4.6.1.5) you can view the Windows Certificate stores. These stores contain all of the certificates generated by MakeCert and CertEnroll (the two engines in the "Default Certificate Provider" Fiddler ships with). 

Setting the "Clear server certs on exit" option does indeed clear the certificates added by those generators.

In contrast, the only certificate installed in the Windows storage by the BouncyCastle Certificate Provider is the root certificate (required for Windows to trust the root).

In terms of performance, yes, there's a performance cost, but it varies by provider:

   MakeCert - Most significant cost; each certificate requires generation of a new 2048-bit RSA key, which can take a while on older hardware.
   CertEnroll - Less significant cost; each time Fiddler starts, it generates a single 2048-bit RSA key which it reuses across other certificates generated in that session.
   BouncyCastle - Basically free; this provider caches a single private key in a Fiddler Preference and reuses it across Fiddler sessions.
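
The following PowerShell audit is an added example, not part of the thread and not code from Fiddler or its author: it lists the certificates in the current user's Windows stores that chain to the proxy's root and counts how many distinct key pairs back the leaf certificates, which makes the per-certificate versus reused-key behaviour described above visible. It assumes the root's subject contains "FiddlerRoot" (the `$RootPattern` default) and that generated certificates sit in the CurrentUser "My" and "Root" stores; the function and parameter names are hypothetical.

```powershell
# Added example: audit what an intercepting proxy's certificate generator left
# in the current user's Windows certificate stores.
# ASSUMPTION: generated certificates are issued by a root whose subject contains
# 'FiddlerRoot'; change $RootPattern if your root is named differently.
param(
    [string]$RootPattern = '*FiddlerRoot*'
)

function Get-ProxyCertReport {
    param([string]$Pattern)

    # "My" (Personal) holds generated server certificates; "Root" holds the trusted root.
    $stores = 'Cert:\CurrentUser\My', 'Cert:\CurrentUser\Root'

    # @(...) guarantees an array, so an empty result pipes nothing downstream.
    $found = @(foreach ($store in $stores) {
        Get-ChildItem -Path $store |
            Where-Object { $_.Issuer -like $Pattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    IsRoot     = ($_.Subject -eq $_.Issuer)   # self-signed => root
                    NotAfter   = $_.NotAfter
                    Thumbprint = $_.Thumbprint
                    # Hex of the public key; identical values mean a reused key pair.
                    PublicKey  = $_.GetPublicKeyString()
                }
            }
    })

    $leaves = @($found | Where-Object { -not $_.IsRoot })
    $keys   = @($leaves | Group-Object PublicKey)

    [pscustomobject]@{
        Roots        = @($found | Where-Object { $_.IsRoot })
        LeafCount    = $leaves.Count
        DistinctKeys = $keys.Count
        Leaves       = $leaves
    }
}

$report = Get-ProxyCertReport -Pattern $RootPattern
$report.Roots | Format-Table Store, Subject, NotAfter, Thumbprint -AutoSize
"Leaf certificates in store: {0}; distinct key pairs: {1}" -f $report.LeafCount, $report.DistinctKeys
```

A leaf count of zero with only a root present matches the BouncyCastle behaviour described above; leftover leaves indicate a store-backed generator whose certificates were not cleared on exit.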

Michael

Nov 11, 2015, 1:09:47 PM
to Fiddler
Thanks for the broad explanation Eric,

As always, your help is highly appreciated.

