This is a migrated thread and some comments may be shown as answers.

HTTPS issues with Windows system proxy

12 Answers 2448 Views

Windows

This is a migrated thread and some comments may be shown as answers.

Chris asked on 12 Feb 2016, 03:41 PM

Posting this here as a last resort. I've been using Fiddler for years, but sometime in the past few months, it stopped decrypting all HTTPS traffic using the system proxy. I see the same issue on both my office computer running Win7 and my home machine running Win10. This is with Fiddler4. I suspect it was the result of a recent Fiddler update?

Chrome gives the error page: "Your connection is not private" NET::ERR_CERT_AUTHORITY_INVALID

I've spent many hours trying every solution I could find online:

- Resetting all certificates with the reset button
- Unchecking 'decrypt HTTP traffic', removing certs, restart Fiddler, check 'decrypt' again
- Generating certs with different generators (CertEnroll, MakeCert)
- Exporting root cert and manually importing into certmgr
- Manually importing into Chrome cert settings

I see the certificate in the Trusted Root Certificates folder in certmgr. I feel like I've tried everything. Have I missed something?

12 Answers, 1 is accepted

answered on 25 Feb 2016, 03:36 PM

Hi,

Well it makes more sense now although that doesn't really make it any better :)

Which version of FIddler does that? And can you recall what version you upgraded from?

Here is a possible reason for this behavior - https://textplain.wordpress.com/2015/10/30/reset-fiddlers-https-certificates/ . Judging by your post you followed the steps for regenerating certificates. Could you remove all fiddler related certificates and give it another try. Please, double check that the root certificate generated by Fiddler makes it to the trusted Authorities.

Regards,
Tsviatko Yovtchev
Telerik

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items

answered on 29 Feb 2016, 09:28 PM

I'm seeing the issue since updating to v4.6.2.0. I update regularly, so I imagine I upgraded from the previous major version.

I followed the instructions on the page you linked to. I've previously tried the same and many other variations to try to get this to work. The (DO_NOT_TRUST_FiddlerRoot) certificate gets added to: Personal, Intermediate, and Trusted Root folders as viewed from Windows certmgr.

Interestingly, when I look at the certificates in Chrome (Chrome Settings/Advanced/HTTPS/Manage Certificates), I see the Fiddler cert in: Personal and Intermediate, but not in Trusted Root. I'm using the latest Chrome (Version 48.0.2564.116 m).

Needless to say, I still see the NET::ERR_CERT_AUTHORITY_INVALID error. :(

answered on 05 May 2017, 02:08 PM

I believe I have finally found the solution to this. Over the past couple years, I've had this behaviour occur now and then, usually after something updates (not sure what... probably Windows updates). Usually I'm able to get HTTPS working again by removing/installing new Fiddler certs multiple times, but I was never able to create reproducible steps to fix it.

I ran into the issue again yesterday and no matter what I did, I kept getting the NET::ERR_CERT_AUTHORITY_INVALID error as I did in the original post.

This morning I tried the following and it worked:

1. Fiddler Options / HTTPS / Disable 'Decrypt HTTPS traffic'

2. Fiddler Options / HTTPS / Actions / 'Remove Interception Certificate'

3. Reboot PC

4. Open command prompt with admin privileges and run: certutil -urlcache * delete (this will clear the Windows cert cache)

5. Reboot PC

6. Open Fiddler and re-enable 'Decrypt HTTPS traffic' -> Follow prompts to install cert

7. Reboot PC

8. Open Chrome, Open Fiddler, Profit!