1

This is the process I followed:

    var certX = Fiddler.CertMaker.oCertProvider.GetCertificateForHost("<Machine Name>");
    File.WriteAllBytes(@"D:\PFX.pfx", certX.Export(X509ContentType.SerializedCert));

Once done with this, I restarted the Demo application and tried to load the certificate from disk:

    X509Certificate2 certTry = new X509Certificate2(@"D:\PFX.PFX", "1", X509KeyStorageFlags.UserKeySet |
                                            X509KeyStorageFlags.PersistKeySet |
                                            X509KeyStorageFlags.Exportable);

    oSecureEndpoint = FiddlerApplication.CreateProxyEndpoint(iSecureEndpointPort, true, certTry);

This works, but when I do:

    WriteCommandResponse("Result: " + Fiddler.CertMaker.trustRootCert().ToString());

It fails with an error saying cannot trust root certification; Not Found

What am I doing wrong here? My intent is to decrypt HTTPS traffic using a custom certificate.

KillerTheLord
  • 167
  • 3
  • 9

2 Answers

1

Let's step back a bit-- what do you hope to accomplish by storing the certificate Fiddler generates to disk, then reloading it later?

The likely problem here is that your method doesn't write the private key to the target PFX file, so you can't subsequently use the PFX to encrypt traffic.

EricLaw
  • 54,427
  • 7
  • 140
  • 182
0

As @EricLaw pointed out, the issue was with the PFX. The certificate that

    Fiddler.CertMaker.GetRootCertificate();

generates does not have the private key of the certificate. So to save the certificate, just writing the above certificate won't be enough. The way around it is to open the user's root cert store and then get the certificate out of it along with its private key (code example below). This certificate can then be used in future sessions.

    X509Store certStore = new X509Store(StoreName.Root, StoreLocation.CurrentUser);

    // Try to open the store.
    certStore.Open(OpenFlags.ReadOnly);

    // Find the certificate that matches the name.
    X509Certificate2Collection certCollection = certStore.Certificates.Find(X509FindType.FindBySubjectName, "DO_NOT_TRUST_FiddlerRoot", false);

    // Load the saved PFX from disk with the key storage flags discussed below.
    X509Certificate2 certTry = new X509Certificate2(@"D:\PFX.PFX", "1", X509KeyStorageFlags.UserKeySet |
                                        X509KeyStorageFlags.PersistKeySet |
                                        X509KeyStorageFlags.Exportable);

Exportable is optional, but PersistKeySet is required, otherwise the certificate won't contain the private key.

KillerTheLord
  • 167
  • 3
  • 9
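
The missing-private-key problem raised in the answers can be caught at load time by checking `HasPrivateKey` before a certificate is handed to an endpoint. The following is an added example, not code from either poster or from Fiddler: it uses a constructed self-signed certificate, `X509ContentType.Cert` as the public-only export, and a hypothetical helper named `LoadWithKey`. It assumes .NET Framework 4.7.2 or later (or .NET Core 2.0+) for `CertificateRequest`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PfxKeyCheck
{
    // Hypothetical helper: refuse a certificate that cannot terminate TLS
    // because the private key did not survive the export.
    static X509Certificate2 LoadWithKey(byte[] raw, string password)
    {
        var cert = new X509Certificate2(raw, password);
        if (!cert.HasPrivateKey)
        {
            cert.Dispose();
            throw new CryptographicException(
                "Certificate has no private key; export it as X509ContentType.Pfx.");
        }
        return cert;
    }

    static void Main()
    {
        const string password = "constructed-demo-password"; // constructed value
        byte[] publicOnly, pfx;

        // Constructed sample: a throwaway self-signed certificate.
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=example-host", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(
                DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                publicOnly = cert.Export(X509ContentType.Cert);   // DER certificate only
                pfx = cert.Export(X509ContentType.Pfx, password); // PKCS#12: certificate + key
            }
        }

        using (X509Certificate2 ok = LoadWithKey(pfx, password))
            Console.WriteLine("PFX export: HasPrivateKey = " + ok.HasPrivateKey);

        try { LoadWithKey(publicOnly, password).Dispose(); }
        catch (CryptographicException e)
        {
            Console.WriteLine("Cert export rejected: " + e.Message);
        }
    }
}
```

A PFX that holds an interception key is sensitive material: protect the file with a strong password and restrictive file permissions.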