Windows 上的 Fiddler 4 证书错误
Fiddler 4 Certificate error on Windows
我正在使用 Fiddler 来监控我们私人项目的 HTTPS 流量。升级到 Windows 10 并安装 Fiddler 后,我无法创建根证书。我尝试同时使用 CertEnroll 和 MakeCert,但均返回无法创建根证书:
09:53:54:2275 Fiddler.CertMaker> [C:\Program Files (x86)\Fiddler2\MakeCert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha256 -m 132 -b 01/07/2015 ] Returned Error: Creation of the interception certificate failed.
makecert.exe returned -1.
Results from C:\Program Files (x86)\Fiddler2\MakeCert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha256 -m 132 -b 01/07/2015
Error: Can't create the key of the subject ('JoeSoft')
Failed
和
09:43:37:0332 /Fiddler.CertMaker> Invoking CertEnroll for Subject: CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com; Thread's ApartmentState: MTA
09:43:39:0853 !ERROR: Failed to generate Certificate using CertEnroll. System.Reflection.TargetInvocationException Exception has been thrown by the target of an invocation. < CertEnroll::CX509PrivateKey::Create: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation. 0x80090345 (-2146892987 SEC_E_DELEGATION_REQUIRED)
每次更改服务时我都会重置所有证书and/or删除拦截证书。 AppData/Roaming/Microsoft/Crypt/RSA/{LONG_ID} 中的密钥也无处可寻(该文件夹始终为空)。
浏览论坛后,我按照一些说明下载了 Bouncy Castle Certificate Maker(建议用于 Android 的那个),它创建了 2 个根证书并将它们添加到 Windows 以便它们被信任。这样做之后,我所有的 HTTPS 流量看起来都像带有隧道的 HTTP。在调查该问题时,我发现在文本视图中显示
"This is a CONNECT tunnel, through which encrypted HTTPS traffic flows.
Fiddler's HTTPS Decryption feature is enabled, but this specific tunnel was configured not to be decrypted. Settings can be found inside Tools > Fiddler Options > HTTPS."
并且记录器返回了以下一些内容:
"10:02:38:5419 !Certificate cache didn't find certificate for [server.com]. Returning null to thread #30. ___ 10:02:38:5419 fiddler.https> Failed to obtain certificate for server.com due to Certificate Maker returned null when asked for a certificate for server.com"
"Failed to create certificate for server.com: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation."
在隧道连接的属性中,我发现
"X-HTTPS-DECRYPTION-ERROR: Could not find or generate interception certificate."
你有什么解决办法吗?我真的很感激。谢谢! :)
嗯,最后好像是Windows Issue。
我的 PC 是公司域的一部分,即使我的用户是这台 PC 的管理员,也不是所有功能都正常(例如,我可以 运行 作为管理员毫无问题地使用任何应用程序,但无法创建 Root证书)。
我的同事在 Windows Credentials Manager 中发现了这个问题,他通过以下注册条目 (.reg) 修复了它:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
"ProtectionPolicy"=dword:00000001
我希望这可以帮助人们避免在 Internet 上花费数小时搜索修复程序。
您需要重置 Fiddler 根证书,
之后一切都会好的
是一个Windows问题:我公司刚刚发布了 Windows10 版本的更新,我开始看到描述的证书错误多于。编辑注册表是让 Fiddler 和网站导航再次工作的唯一想法
我正在使用 Fiddler 来监控我们私人项目的 HTTPS 流量。升级到 Windows 10 并安装 Fiddler 后,我无法创建根证书。我尝试同时使用 CertEnroll 和 MakeCert,但均返回无法创建根证书:
09:53:54:2275 Fiddler.CertMaker> [C:\Program Files (x86)\Fiddler2\MakeCert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha256 -m 132 -b 01/07/2015 ] Returned Error: Creation of the interception certificate failed.
makecert.exe returned -1.
Results from C:\Program Files (x86)\Fiddler2\MakeCert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha256 -m 132 -b 01/07/2015
Error: Can't create the key of the subject ('JoeSoft') Failed
和
09:43:37:0332 /Fiddler.CertMaker> Invoking CertEnroll for Subject: CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com; Thread's ApartmentState: MTA 09:43:39:0853 !ERROR: Failed to generate Certificate using CertEnroll. System.Reflection.TargetInvocationException Exception has been thrown by the target of an invocation. < CertEnroll::CX509PrivateKey::Create: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation. 0x80090345 (-2146892987 SEC_E_DELEGATION_REQUIRED)
每次更改服务时我都会重置所有证书and/or删除拦截证书。 AppData/Roaming/Microsoft/Crypt/RSA/{LONG_ID} 中的密钥也无处可寻(该文件夹始终为空)。
浏览论坛后,我按照一些说明下载了 Bouncy Castle Certificate Maker(建议用于 Android 的那个),它创建了 2 个根证书并将它们添加到 Windows 以便它们被信任。这样做之后,我所有的 HTTPS 流量看起来都像带有隧道的 HTTP。在调查该问题时,我发现在文本视图中显示
"This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. Fiddler's HTTPS Decryption feature is enabled, but this specific tunnel was configured not to be decrypted. Settings can be found inside Tools > Fiddler Options > HTTPS."
并且记录器返回了以下一些内容:
"10:02:38:5419 !Certificate cache didn't find certificate for [server.com]. Returning null to thread #30. ___ 10:02:38:5419 fiddler.https> Failed to obtain certificate for server.com due to Certificate Maker returned null when asked for a certificate for server.com"
"Failed to create certificate for server.com: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation."
在隧道连接的属性中,我发现
"X-HTTPS-DECRYPTION-ERROR: Could not find or generate interception certificate."
你有什么解决办法吗?我真的很感激。谢谢! :)
嗯,最后好像是Windows Issue。 我的 PC 是公司域的一部分,即使我的用户是这台 PC 的管理员,也不是所有功能都正常(例如,我可以 运行 作为管理员毫无问题地使用任何应用程序,但无法创建 Root证书)。 我的同事在 Windows Credentials Manager 中发现了这个问题,他通过以下注册条目 (.reg) 修复了它:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
"ProtectionPolicy"=dword:00000001
我希望这可以帮助人们避免在 Internet 上花费数小时搜索修复程序。
您需要重置 Fiddler 根证书, 之后一切都会好的
是一个Windows问题:我公司刚刚发布了 Windows10 版本的更新,我开始看到描述的证书错误多于。编辑注册表是让 Fiddler 和网站导航再次工作的唯一想法