fiddler2无法生成证书
我正在使用 Fiddler2(或尝试)捕获访问 https Web 服务的 Windows 桌面小工具的 SSL 流量。它曾经可以工作,然后几天前就停止了,总是出现这个错误:(
---------------------------
Unable to Generate Certificate
---------------------------
Creation of the interception certificate failed.
makecert.exe returned -1.
Results from C:\Program Files\Fiddler2\MakeCert.exe -ss my -n
"CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by
http://www.fiddler2.com" -eku 1.3.6.1.5.5.7.3.1 -r -cy authority -a
sha1
Error: Can't create the key of the subject ('JoeSoft')
Failed
-------------------------------------------
我从谷歌组中刷出了fiddler的错误,尽管我刚刚发布了自己的错误,它应该很快就会可见)。
还有其他人遇到过这个问题并解决了吗? Fiddler 刚刚坏了吗?
I'm using Fiddler2 (or trying) to capture SSL traffic for a windows desktop gadget hitting an https web service. It used to work, and then it stopped a couple days ago, always with this error:
---------------------------
Unable to Generate Certificate
---------------------------
Creation of the interception certificate failed.
makecert.exe returned -1.
Results from C:\Program Files\Fiddler2\MakeCert.exe -ss my -n
"CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by
http://www.fiddler2.com" -eku 1.3.6.1.5.5.7.3.1 -r -cy authority -a
sha1
Error: Can't create the key of the subject ('JoeSoft')
Failed
-------------------------------------------
(I swiped the error from the google group for fiddler, although I just posted my own and it should be visible soon).
Has anyone else had this problem and solved it? Is Fiddler just broken?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(12)
在 Win7 中,
C:\Users\<用户名>\AppData\Roaming\Microsoft\Crypto\RSA\AppData目录之外的其他文件夹。工具|Fiddler 选项|启用 HTTPS 解密桌面)移回,到原来的文件:
C:\Users\\AppData\Roaming\Microsoft\Crypto\RSA\ 跳过它。In Win7
C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\RSA\AppDatadir.Tools|Fiddler Options|Enable HTTPS decryptionDesktop),to their original one:
C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\RSA\skipit.我和其他人都遇到过这个问题。它是密钥存储中已存在的密钥目录,其名称与 Fiddler 尝试创建的密钥目录(可能来自 Fiddler 的早期版本)同名。
我的机器上的密钥目录位于:
请注意,冲突实际上是密钥文件夹名称。我刚刚重命名了该文件夹,然后密钥生成工作正常。
有关详细信息,请参阅此链接:https://groups.google.com/ d/msg/httpfiddler/B-Mu6AxgiIc/LY69rWUBshMJ
I and others have had this problem. It is a key directory that already exists in the key store with the same name as the key directory that Fiddler is trying to create (probably from a previous version of Fiddler).
The key directory on my machine is located in:
Note that the conflict was actually the key folder name. I just renamed the folder and then the key generation worked fine.
See this link for more information: https://groups.google.com/d/msg/httpfiddler/B-Mu6AxgiIc/LY69rWUBshMJ
我的 Windows 8 机器也遇到了同样的问题。手动删除每个 @Nicholas-Cloud 的关键文件对我没有帮助。所以我不断尝试不同的事情,终于能够解决这个问题。
为了解决证书问题,我执行了以下操作:
注意:如果上述步骤对您没有帮助,请尝试重新安装 Fiddler 并重复这些步骤。在进入 HTTP 选项之前,我确实先重新安装了它。
I had the same issue on my Windows 8 box. Manually removing the key files per @Nicholas-Cloud didn't help me. So I kept trying different things and finally was able to sort this out.
To solve the certificate problem I did the following:
Note: if the above steps don't help you, try re-installing Fiddler and repeating the steps. I did re-installed it first, before getting to HTTP options.
fiddler 硬编码命令已过时。
大家停止删除文件夹。
只需安装声称可以生成“适用于 Android 的更好的证书”的 fliddler 插件即可。它在官方的 fiddler 插件列表中。
该插件将为您修复它。
fiddler hardcoded command is out of date.
everyone stop deleting folder.
just install the fliddler plugin that claims to generates a "better cert that works with android". its on the official fiddler plugin list.
that plugin will fix it for you.
如果 Fiddler 证书生成失败,正确的修复方法是手动选择现有的 Fiddler2 私钥并将其删除。上面的 PowerShell 代码完全破坏用户的私钥存储是非常糟糕的主意。这将使每一个个人证书变得毫无用处。
通过运行 Fiddler2 运行的相同命令来确认问题:
如果证书生成失败,则需要删除现有私钥。请参阅 http://poshcode.org/3637 了解查找证书私钥的工具。
运行它:
它将返回类似
c:\Users\JoeUser\AppData\Roaming\Microsoft\Crypto\RSA\7b90a71bfc56f2582e916a51aed6df9a_f6d54f4e-ff40-450e-9d77-7cfc383b357删除该文件并尝试再次生成证书。它应该成功。不要不要销毁您的整个私钥存储。
If Fiddler certificate generation fails, the proper fix is to hand-pick the existing Fiddler2 private key and delete that. The above PowerShell code to completely destroy user's private key store is very bad idea. It will make every personal certificate useless.
Confirm the problem by running the same command Fiddler2 would run:
If the certificate generation fails, existing private key needs to be deleted. See http://poshcode.org/3637 for tool to find private key for a certificate.
Run it:
It will return something like
c:\Users\JoeUser\AppData\Roaming\Microsoft\Crypto\RSA\7b90a71bfc56f2582e916a51aed6df9a_f6d54f4e-ff40-450e-9d77-7cfc383b357Delete that file and attempt generating the certificate again. It should succeed. Do NOT destroy your entire private key store.
对我来说,简单的解决方法是安装 Fiddler CertMaker
The simple fix for me was to install the Fiddler CertMaker
尼古拉斯的回答是正确的。为了帮助其他人也找到此页面:
如果您在 Fiddler 中单击“将 Fiddler 根证书导出到桌面”按钮或调用 Fiddler.CertMaker.createRootCert 时收到“无法导出 Fiddler 根证书”消息,这可能会有所帮助() 来自代码。
Nicholas' answer is correct. In order to help others find this page too:
This may be helpful if you get the message "Unable to export Fiddler's Root Certificate" when you click the "Export Fiddler Root Certificate to Desktop" button in Fiddler, or call Fiddler.CertMaker.createRootCert() from code.
我有同样的错误。
这肯定是由于早期版本的 Fiddler 的存在以及它们之间的一些不兼容性造成的。
上面的文件夹仅由 Fiddler 使用,它存储它创建的证书(或者至少对于您盒子上的个人证书,Fiddler 肯定是唯一使用它的)。您可能需要检查您是否还有除 Fiddler 之外的其他个人证书。在 IE 中,这是使用工具/互联网选项/内容/证书/个人。
完全清空文件夹,不要害怕有关删除系统文件的消息。
然后在 Fiddler 中,再次选择捕获然后解密 HTTPS 流量的选项。
如果需要,请在桌面上重新导出Fiddler根证书,然后在IE和FF中重新导入。
如果需要,请重新启动浏览器并享受。
我想不是删除仅在 IE 中删除的所有内容,而是颁发给 DO_NOT_TRUST_FIddlerRoot 的私有证书会执行相同的操作,但我尚未对此进行测试。
请记住,一旦不再需要解密选项,请立即将其关闭。
I had the same error.
This was certainly due to the presence of earlier versions of Fiddler and some incompatibility between them.
The above folder is used only by Fiddler where it stores the certificates that it creates (or at least for personal certificates on your box and Fiddler is certainly the only one using it). You may want to check if you have other personal certificates than Fiddler ones. In IE this is using Tools / internet options / content / certificates / personal.
Totally empty the folder and don't be afraid of the message about removing system files.
Then in Fiddler, select again the options to capture then decrypt the HTTPS traffic.
If required, re export the Fiddler root certificate on the desktop then re import it in IE and FF.
Restart your browsers if required and enjoy.
I suppose instead of removing all that removing only in IE the private certificate issued to DO_NOT_TRUST_FIddlerRoot does the same but I have not tested this.
Remember to turn off the decrypt option as soon as you don't need it anymore.
作为 Nicholas Cloud 回复的补充,这里有一个小脚本可以帮助您重命名该文件夹:
向 Nicholas Cloud 的回复添加注释确实允许我格式化代码,因此我最终创建了一个单独的回复。
As an addition to Nicholas Cloud's reply, here's a little script that helps you rename that folder:
Adding a comment to the Nicholas's reply did allow me to format the code so I ended up creating a separate reply.
您可以通过在 C:\Users\\AppData\Roaming\Microsoft\Crypto\RSA\ 路径中的文件内容中查找“JoeSoft”来识别冲突文件。
You can identify the conflicting file by looking for "JoeSoft" in the content of the files from the C:\Users\\AppData\Roaming\Microsoft\Crypto\RSA\ path.
我遇到了这个确切的错误,只能通过以下方式解决:
您可能只需要更新 fiddlerCore(请参阅这个所以问题了解更多细节),但我列出了我所做的一切为了绝对安全。
I had this exact error and was only able to solve it by:
It is possible that you only have to update fiddlerCore (See this SO question for more details), but I listed everything I did to be totally safe.
cd 到安装文件夹“d:\Program Files\Fiddler”
运行以下命令
就会创建证书,问题就解决了
cd to the installation folder "d:\Program Files\Fiddler"
run the following command
A certificate will be created and the problem will be solved