fiddler2 unable to generate certificate

Solution 1

In Win7

  • So go here: C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\RSA\
  • Select all the files (named with UUIDs).
  • Move those files to your Desktop or other folder outside AppData dir.
  • Launch Fiddler, go to Tools | Fiddler Options | Enable HTTPS decryption
  • See that it works this time (hopefully).
  • Move the files back from their temp location (i.e., Desktop),
    to their original one: C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\RSA\
  • When one of the files asks whether you want to replace the existing one, skip it.

Solution 2

I and others have had this problem. It is a key directory that already exists in the key store with the same name as the key directory that Fiddler is trying to create (probably from a previous version of Fiddler).

The key directory on my machine is located in:

C:\Users\[username]\AppData\Roaming\Microsoft\Crypto\RSA\[folder-with-big-name]\

Note that the conflict was actually the key folder name. I just renamed the folder and then the key generation worked fine.

See this link for more information: https://groups.google.com/d/msg/httpfiddler/B-Mu6AxgiIc/LY69rWUBshMJ

Solution 3

I had the same issue on my Windows 8 box. Manually removing the key files per @Nicholas-Cloud didn't help me. So I kept trying different things and finally was able to sort this out.

To solve the certificate problem I did the following:

  1. In Tools->Options->HTTPS tab unchecked the "Decrypt HTTPS traffic" option. This enabled the "Remove Interception Certificates" button at the bottom of the dialog
  2. Clicked the "Remove Interception Certificates" button
  3. Said "Yes" to all pop-up messages
  4. Enabled the "Decrypt..." option back.
  5. The series of pop-up messages will follow as described in Fiddler Windows 8 Configuration Steps

Note: if the above steps don't help you, try re-installing Fiddler and repeating the steps. I did re-install it first, before getting to HTTP options.

Solution 4

Fiddler's hardcoded command is out of date.

Everyone, stop deleting the folder.

Just install the Fiddler plugin that claims to generate a "better cert that works with android". It's on the official Fiddler plugin list.

that plugin will fix it for you.

Solution 5

If Fiddler certificate generation fails, the proper fix is to hand-pick the existing Fiddler2 private key and delete that. The above PowerShell code to completely destroy the user's private key store is a very bad idea. It will make every personal certificate useless.

Confirm the problem by running the same command Fiddler2 would run:

cd "C:\Program Files (x86)\Fiddler2"
makecert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha1 -m 120 -b 09/05/2012

If the certificate generation fails, the existing private key needs to be deleted. See http://poshcode.org/3637 for a tool to find the private key for a certificate.

Run it:

Get-PrivateKeyPath CN=DO_NOT_TRUST_FiddlerRoot

It will return something like:

c:\Users\JoeUser\AppData\Roaming\Microsoft\Crypto\RSA\7b90a71bfc56f2582e916a51aed6df9a_f6d54f4e-ff40-450e-9d77-7cfc383b357

Delete that file and attempt generating the certificate again. It should succeed. Do NOT destroy your entire private key store.
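
As an added example (not part of the original answer and not the poshcode.org script), this read-only sketch maps each matching certificate in the current user's store to its key container file, so a single file can be identified instead of moving the whole key store. The function name `Get-CertKeyFile` is hypothetical, and the sketch assumes Windows PowerShell 5.1 and a legacy CSP-backed RSA key in the per-user store.

```powershell
# Added example: read-only lookup, nothing is moved or deleted.
# Assumptions: Windows PowerShell 5.1, CSP (not CNG) RSA keys, current-user store.
function Get-CertKeyFile {
    param(
        [string]$SubjectMatch = 'CN=DO_NOT_TRUST_FiddlerRoot',
        [string]$StorePath    = 'Cert:\CurrentUser\My'
    )

    # Per-user RSA key containers live under %APPDATA%\Microsoft\Crypto\RSA\<SID>\
    $keyRoot = Join-Path $env:APPDATA 'Microsoft\Crypto\RSA'

    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -like "*$SubjectMatch*" -and $_.HasPrivateKey } |
        ForEach-Object {
            $cert = $_
            try {
                # UniqueKeyContainerName is the on-disk file name of the key container.
                $fileName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
            } catch {
                $fileName = $null   # CNG-backed or unreadable key: not handled here
            }

            $file = if ($fileName) {
                # -Force is needed because key files may carry hidden/system attributes.
                Get-ChildItem -Path $keyRoot -Recurse -File -Force `
                    -Filter $fileName -ErrorAction SilentlyContinue |
                    Select-Object -First 1
            }

            [pscustomobject]@{
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotBefore  = $cert.NotBefore
                KeyFile    = if ($file) { $file.FullName } else { '<not found>' }
            }
        }
}

# Review the output, then back up the listed file before removing anything.
Get-CertKeyFile | Format-List
```

If no rows are returned, no certificate with that subject and a private key exists in the store, and this lookup cannot identify the conflicting key file.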

Author by

Evan Nagle

Updated on September 02, 2022

Comments

  • Evan Nagle
    Evan Nagle over 1 year

    I'm using Fiddler2 (or trying) to capture SSL traffic for a windows desktop gadget hitting an https web service. It used to work, and then it stopped a couple days ago, always with this error:

    --------------------------- 
    Unable to Generate Certificate 
    --------------------------- 
    Creation of the interception certificate failed. 
    makecert.exe returned -1. 
    Results from C:\Program Files\Fiddler2\MakeCert.exe -ss my -n 
    "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by 
    http://www.fiddler2.com" -eku 1.3.6.1.5.5.7.3.1 -r -cy authority -a 
    sha1 
    Error: Can't create the key of the subject ('JoeSoft') 
    Failed 
    ------------------------------------------- 
    

    (I swiped the error from the google group for fiddler, although I just posted my own and it should be visible soon).

    Has anyone else had this problem and solved it? Is Fiddler just broken?

  • yoel halb
    yoel halb almost 12 years
    +1 But for me renaming didn't work; instead I had to move it [and I then merged the folders back] (but maybe the reason was because I renamed it by appending to it; as of now I am unable to test it as it is already working)
  • Scott Munro
    Scott Munro over 11 years
    @yohal, I also tried adding a prefix to the folder name which did not work. Once I removed the folder from the directory it did.
  • TechSavvySam
    TechSavvySam over 10 years
    As stated by dmytroUa below, I also had to uninstall and reinstall Fiddler, actually upgrading to Fiddler4 and it started working after also moving the keystores out, creating the certificate and copying the rest of the keystores back in.
  • Admin
    Admin about 10 years
    DO NOT DELETE THE FOLDER! It contains private keys not used by fiddler.
  • EricLaw
    EricLaw almost 10 years
    This is probably the best, simplest answer.
  • cdmdotnet
    cdmdotnet over 9 years
    This is the most recent and fastest solution, and in my case, the only one that worked.
  • Brad
    Brad over 9 years
    This is also the only approach that worked for me on one of my machines
  • revo
    revo about 9 years
    Running makecert.exe ... was successful. However at first I renamed/moved folder with no success. (later I restored it)
  • Ian Kemp
    Ian Kemp almost 9 years
    The extension in question is "CertMaker for iOS and Android".
  • Daniel Sokolowski
    Daniel Sokolowski almost 9 years
    This worked for me and makes perfect sense since my AppData was restored from backup which already contained Fiddler certificates - this should be the accepted answer.
  • Shaiju Janardhanan
    Shaiju Janardhanan over 8 years
    This is the solution that worked for me. Replacing the folder didn't work
  • Luke Rice
    Luke Rice over 8 years
    This worked for windows 7 whereas the above two higher upvoted methods did not.
  • parveen
    parveen over 8 years
    Thanks! The reinstall part did it for me. You saved my hairs.
  • Les
    Les over 8 years
    Not deleting the folder is not a solution but, assuming deleting actually creates more problems, we can remove the folder and put it back again merging with the new folder. That's what I did and it seems fine.