Decrypting SSL traffic with Fiddler is failing - ssl

I have Fiddler configured to decrypt SSL traffic from a Java application.
But I am seeing the following error in the Fiddler log:
19:39:27:1726 Fiddler.CertMaker> [C:\Program Files (x86)\Fiddler2\MakeCert.exe -pe -ss my -n "CN=test.example.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky exchange -in DO_NOT_TRUST_FiddlerRoot -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a sha1 -m 132 -b 03/26/2013] Returned Error: Creation of the interception certificate failed.
makecert.exe returned -1.
Results from C:\Program Files (x86)\Fiddler2\MakeCert.exe -pe -ss my -n "CN=test.example.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky exchange -in DO_NOT_TRUST_FiddlerRoot -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a sha1 -m 132 -b 03/26/2013
Error: Fail to acquire a security provider from the issuer's certificate
Failed
Does anyone know how to fix this?

This likely means that you have a 3rd party encryption provider installed (e.g. Entrust or some VPN software) that is preventing MakeCert from generating the End-Entity certificate from the FiddlerRoot certificate.
There are some ways to workaround that, but the simplest is to try using http://fiddler2.com/r/?FiddlerCertMaker instead, as it doesn't rely on makecert.exe.

Related

makecert.exe - WS2012 fail to acquire a security provide from the issuer's certificate - Failed

I'm trying to create a new sel certificate in order to specify a duration different than the one created by default from an application.
Using the command:
makecert.exe -b 10/10/2015 -m 36 -n "CN=MYSERVER.domain.com" -sk "MYSERVER.domain.com" -sky "exchange" -sr localmachine -ss my -in "SelfSignedCA" -ir localmachine -is root
but system prevent me providing "Fail to acquire a security provide from the issuer's certificate - Failed".
I'm not so confident in creating the certificates...any help?
thanks in advance!

Windows revoke certificate (makecert, certmgr)

I created a root ca using makecert:
makecert -r -pe -n "CN=MyRootCA" -b 01/01/2015 -e 01/01/2020 -ss root -sr localmachine -len 2048
I create a CRL for that root ca and imported this with certmgr:
makecert -crl -n "CN=MyRootCA" -r -sv MyRootCRL.pvk MyRootCRL.crl
I create a certificate(for client authentification) derived from my root ca:
makecert -pe -n "CN=MyClient1" -eku 1.3.6.1.5.5.7.3.2 -is root -ir localmachine -in MyRootCA -ss my -sr currentuser -len 2048
Now the question:
How can i revoke my created MyClient1 certificate?
I have a CRL in my certmgr but i dont see any possibility to add my MyClient1 certificate to this CRL.
(Im using Windows 7)
Can anyone help me with this problem?
You could use certutil to revoke the certifikate (according to the documentation here).

makecert.exe generate certificates but (certificates)its does not show in certmgr windows?

C:\windows\system32\makecert.exe -r -n "CN=HanuSoft CA" -pe -sv HanuSoftCA.pvk -a sha1 -len 2048 -b 09/04/2013 -e 09/05/2016 -cy authority HanuSoft.cer
after taking password..
Succeed
but m not found any certificate in certmgr windows,
please any one help to resolve this problem why its not generate or other prob with it.
Both private key and public key were stored in the .pvk file, not immediately import into the keystore.

Where is the certificate created using makecert.exe?

I need to have a "http*s*" enabled self hosted WCF service. Given that there need to be a certificate to have the service "s" enabled, I created the certificate using the following two commands in the same order:
makecert.exe -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=AuthorityName" -ss my -sr localmachine
and then
makecert.exe -iv SignRoot.pvk -ic signroot.cer -cy end -pe -n CN="localhost" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
Now to configure the port using SSL, netsh has to be used, which requires to be supplied with arguments certhash and appid. My best understanding is that I need to have the certificate to get these values. But where is the certificate I just created!!!????
I did try certmgr.msc, it showed the root as "Certificates - Current User". How to make it show the "localmachine" certificates, as marked by -sr option?
Again, where are my certificates!!??
The certificates are in the .CER files you specify on the command-line.
To use them you need to import them into the certificate store using the MMC/Certificate snap-in.

Enable MSDTC WS-AT(Web Service Atomic Transactions) with SSL Certificate error

I'm having an error trying to enable a SSL Certificate for the WS-AT module fot MSDTC:
I've already follow the steps to create the certificate:
How to: Create and Install Temporary Client Certificates in WCF During Development
But still got this error:
"Could not use the SSL Certificate because it does not support Key Encipherment or Digital Signature"
I also made sure that I am using an admin accont and Application Data --> Microsoft --> Crypto -->RSA --> key file has the necessary full permissions to the admin account I am using
I'm using IIS 7, on a Windows 7 machine
Any clues?
I've made it work, finally. I've used the next commands
makecert.exe -pe -n CN=MyCN -cy authority -r -sv C:\Mycer.pvk C:\Mycer.cer
makecert.exe -ss Root -sr LocalMachine -n CN=MyCN -cy authority -r -sv C:\Mycer.pvk
makecert -ss My -sr LocalMachine -n CN=MyFullDomainName -sky exchange -ir LocalMachine -iv C:\Mycer.pvk -ic C:\Mycer.cer
hope it helps someone