Invalid Server Certificate Signature?


circle

Jan 31, 2013, 4:22:33 AM
to httpf...@googlegroups.com
Hi all,

I was analyzing some HTTPS traffic with Fiddler2 (v2.4) on Windows 7 x64 and it worked very well until yesterday.

Starting from some point, I was no longer able to connect to any HTTPS service via Fiddler if the "Decrypt HTTPS traffic" option is enabled. From the session list, I can see CONNECT requests and the responses are HTTP 200 Connection established. Since I didn't trust the Fiddler root cert system-wide, the browser (Firefox) prompted me whether to proceed because the server certificate wasn't trusted. However, when I clicked proceed, I couldn't see any new requests in Fiddler with the HTTPS traffic decrypted. Instead, the browser loaded for a while in the "Waiting for xxx.xxxxx.com..." state and then said the connection was reset. I also tried IE9 and Chrome, which both complained about the certificate error.

When opening the server certificate in Windows, in the "Certificate Path" tab, there was a red cross next to the target server domain name and the certificate status was "This certificate has an invalid digital signature.". Maybe some problem with the server cert generation in my Fiddler?

Here is an example cert generated by Fiddler when accessing www.google.com:

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE----

Thanks!!!

circle

Jan 31, 2013, 4:37:06 AM
to httpf...@googlegroups.com
Some supplementary information, please see if it is helpful:
Log tab:
17:30:27:0266 !SecureClientPipeDirect failed: A call to SSPI failed, see inner exception. < The certificate chain was issued by an authority that is not trusted on pipe 24, (CN=xxxxx.xxxxx.com, O=DO_NOT_TRUST_BC, OU=Created by http://www.fiddler2.com). 
17:30:49:2189 fiddler.network.https> Failed to secure existing connection for xxxxx.xxxxx.com. Received an unexpected EOF or 0 bytes from the transport stream.. 

Also, around the time it started failing yesterday, the certificate on the target server was changed. Is it possible that Fiddler cached the old server cert somewhere? I tried restarting the browser, Fiddler and even the computer, but that didn't solve the problem.

Thanks again.

EricLaw

Jan 31, 2013, 11:11:46 AM
Please open CERTMGR.MSC and confirm that there are no DO_NOT_TRUST roots in either the Personal or Trusted Root Certification Authorities folders.
 
What is the version number of CertMaker.dll in your C:\Program Files\Fiddler2 folder?
 
From where specifically did you get the plaintext of the certificate you show above?
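The two checks EricLaw asks for can be scripted instead of clicked through in CERTMGR.MSC. The following PowerShell is an added example, not code from the thread or from Fiddler: it lists every certificate in the Personal (My) and Trusted Root (Root) stores whose subject or issuer matches the DO_NOT_TRUST naming seen in the log, and then builds the Windows chain for an exported copy of the failing leaf so the status flags behind the "invalid digital signature" message are visible. The store list, the `DO_NOT_TRUST` pattern and the example file path are assumptions; the thread shows only the `O=DO_NOT_TRUST_BC` issuer string.

```powershell
# Added diagnostic script (not from the thread or from Fiddler).
# Assumes the Fiddler-generated CA uses the DO_NOT_TRUST organization name
# seen in the log line: O=DO_NOT_TRUST_BC.
$pattern = 'DO_NOT_TRUST'

# 1. Enumerate the stores named in the reply (Personal = My, Trusted Root = Root)
#    for both the current user and the local machine.
$stores = 'Cert:\CurrentUser\My', 'Cert:\CurrentUser\Root',
          'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root'
foreach ($store in $stores) {
    Get-ChildItem $store |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            '{0,-26} {1}  thumbprint={2}  notAfter={3}' -f $store, $_.Subject, $_.Thumbprint, $_.NotAfter
        }
}

# 2. Build the chain for an exported certificate (e.g. one saved from the
#    browser's certificate viewer) and print the per-element status flags.
#    "This certificate has an invalid digital signature" in the UI shows up
#    here as NotSignatureValid; a missing Fiddler root shows up as UntrustedRoot.
function Test-CertChain {
    param([Parameter(Mandatory=$true)][string]$Path)
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # No revocation lookups and no key-usage enforcement: we only want to see
    # whether the signature and trust path are sound.
    $chain.ChainPolicy.RevocationMode    = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::IgnoreWrongUsage
    $ok = $chain.Build($cert)
    foreach ($elem in $chain.ChainElements) {
        $flags = ($elem.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
        if (-not $flags) { $flags = 'NoError' }
        '{0}  ->  {1}' -f $elem.Certificate.Subject, $flags
    }
    return $ok
}

# Example invocation; the path is an assumption for illustration.
# Test-CertChain -Path 'C:\temp\exported-leaf.cer'
```

Run it from an elevated prompt if you also want the LocalMachine stores. If a DO_NOT_TRUST root appears in a Root store while the chain still reports NotSignatureValid on the leaf, the problem is with the issued certificate itself rather than with trust, which is the distinction the reply is trying to establish; an UntrustedRoot flag alone is the same condition reported by the SecureClientPipeDirect line in the log and is expected when the root was never installed.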