I use Fiddler to monitor HTTPS traffic for our private project. After upgrading to Windows 10 and installing Fiddler, I cannot create a root certificate. I tried using both CertEnroll and MakeCert, and both returned that they cannot create the root certificate:
09: 53: 54: 2275 Fiddler.CertMaker> [C: \ Program Files (x86) \ Fiddler2 \ MakeCert.exe -r -ss my -n "CN = DO_NOT_TRUST_FiddlerRoot, O = DO_NOT_TRUST, OU = Created http: // www .fiddler2.com "-sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha256 -m 132 -b 07/01/2015] Error returned: Failed to create an interception certificate.
makecert.exe returns -1.
Results from C: \ Program Files (x86) \ Fiddler2 \ MakeCert.exe -r -ss my -n "CN = DO_NOT_TRUST_FiddlerRoot, O = DO_NOT_TRUST, OU = Created http://www.fiddler2.com " -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha256 -m 132 -b 07/01/2015
Error: Unable to create object key ("JoeSoft") Error
and
09: 43: 37: 0332 / Fiddler.CertMaker> Call CertEnroll for the topic: CN = DO_NOT_TRUST_FiddlerRoot, O = DO_NOT_TRUST, OU = Created http://www.fiddler2.com ; Theme of the apartment: MTA 09: 43: 39: 0853! ERROR: Failed to create certificate using CertEnroll. System.Reflection.TargetInvocationException The exception was thrown by the target of the call. <CertEnroll :: CX509PrivateKey :: Create: The requested operation could not be completed. For delegation, you must trust the computer, and the current user account must be configured for delegation. 0x80090345 (-2146892987 SEC_E_DELEGATION_REQUIRED)
Each time I change the service, I reset all certificates and / or remote interception certificates. In addition, the key in AppData/Roaming/Microsoft/Crypt/RSA/{LONG_ID} was not found anywhere (the folder is always empty). After browsing the forums, I followed some instructions and downloaded the Bouncy Castle Certificate Maker (the one that was offered for Android), and he created 2 root certificates and added them to Windows so that they would be trusted. After that, all my HTTPS traffic looked like tunneling HTTP. Studying this issue, I found that the text view says
"This is the CONNECT tunnel through which HTTPS traffic flows are encrypted. The Fiddler HTTPS Decryption function is enabled, but this tunnel has been configured so that it is not decrypted. Settings can be found in Tools> Fiddler Settings> HTTPS.
And the registrar returned a few of the following:
"10: 02: 38: 5419. Certificate cache did not find a certificate for [server.com]. Return null to stream # 30. ___ 10: 02: 38: 5419 fiddler.https> Failed to get certificate for server.com from- for Certificate Maker returning null when requesting a certificate for .com server
"The certificate for the .com server could not be created. The requested operation cannot be completed. Delegation must be trusted on the computer and the current user account must be configured for delegation."
In the properties of the tunnel connection, I found
"X-HTTPS-DECRYPTION-ERROR: Could not find or create an interception certificate."
Do you have solutions for me? I would really appreciate it. Thanks!:)