fiddler2无法生成证书

发布于 2024-10-29 20:38:31 字数 692 浏览 6 评论 0原文

我正在使用 Fiddler2(或尝试)捕获访问 https Web 服务的 Windows 桌面小工具的 SSL 流量。它曾经可以工作,然后几天前就停止了,总是出现这个错误:(

--------------------------- 
Unable to Generate Certificate 
--------------------------- 
Creation of the interception certificate failed. 
makecert.exe returned -1. 
Results from C:\Program Files\Fiddler2\MakeCert.exe -ss my -n 
"CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by 
http://www.fiddler2.com" -eku 1.3.6.1.5.5.7.3.1 -r -cy authority -a 
sha1 
Error: Can't create the key of the subject ('JoeSoft') 
Failed 
------------------------------------------- 

我从谷歌组中刷出了fiddler的错误,尽管我刚刚发布了自己的错误,它应该很快就会可见)。

还有其他人遇到过这个问题并解决了吗? Fiddler 刚刚坏了吗?

I'm using Fiddler2 (or trying) to capture SSL traffic for a windows desktop gadget hitting an https web service. It used to work, and then it stopped a couple days ago, always with this error:

--------------------------- 
Unable to Generate Certificate 
--------------------------- 
Creation of the interception certificate failed. 
makecert.exe returned -1. 
Results from C:\Program Files\Fiddler2\MakeCert.exe -ss my -n 
"CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by 
http://www.fiddler2.com" -eku 1.3.6.1.5.5.7.3.1 -r -cy authority -a 
sha1 
Error: Can't create the key of the subject ('JoeSoft') 
Failed 
------------------------------------------- 

(I swiped the error from the google group for fiddler, although I just posted my own and it should be visible soon).

Has anyone else had this problem and solved it? Is Fiddler just broken?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(12

意犹 2024-11-05 20:38:31

在 Win7 中,

  • 请转到此处:C:\Users\<用户名>\AppData\Roaming\Microsoft\Crypto\RSA\
  • 选择所有文件(以 UUIDS 命名)。
  • 将这些文件移动到桌面或 AppData 目录之外的其他文件夹。
  • 启动Fiddler,转到工具 | Fiddler 选项 | 启用 HTTPS 解密
  • 看看这次它是否有效(希望如此)。
  • 将文件从临时位置(即桌面)移回,
    到原来的文件:C:\Users\\AppData\Roaming\Microsoft\Crypto\RSA\
  • 当其中一个文件询问您是否要替换现有文件时,跳过它。

In Win7

  • So go here: C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\RSA\
  • Select all the files (named with UUIDS).
  • Move those files to your Desktop or other folder outside AppData dir.
  • Launch Fiddler, go to Tools | Fiddler Options | Enable HTTPS decryption
  • See that it works this time (hopefully).
  • Move the files back from their temp location (i.e., Desktop),
    to their original one: C:\Users\<username>\AppData\Roaming\Microsoft\Crypto\RSA\
  • When one of the files asks whether you want to replace the existing one, skip it.
尤怨 2024-11-05 20:38:31

我和其他人都遇到过这个问题。它是密钥存储中已存在的密钥目录,其名称与 Fiddler 尝试创建的密钥目录(可能来自 Fiddler 的早期版本)同名。

我的机器上的密钥目录位于:

C:\Users\\[username]\AppData\Roaming\Microsoft\Crypto\RSA\\[folder-with-big-name]\

请注意,冲突实际上是密钥文件夹名称。我刚刚重命名了该文件夹,然后密钥生成工作正常。

有关详细信息,请参阅此链接:https://groups.google.com/ d/msg/httpfiddler/B-Mu6AxgiIc/LY69rWUBshMJ

I and others have had this problem. It is a key directory that already exists in the key store with the same name as the key directory that Fiddler is trying to create (probably from a previous version of Fiddler).

The key directory on my machine is located in:

C:\Users\\[username]\AppData\Roaming\Microsoft\Crypto\RSA\\[folder-with-big-name]\

Note that the conflict was actually the key folder name. I just renamed the folder and then the key generation worked fine.

See this link for more information: https://groups.google.com/d/msg/httpfiddler/B-Mu6AxgiIc/LY69rWUBshMJ

闻呓 2024-11-05 20:38:31

我的 Windows 8 机器也遇到了同样的问题。手动删除每个 @Nicholas-Cloud 的关键文件对我没有帮助。所以我不断尝试不同的事情,终于能够解决这个问题。

为了解决证书问题,我执行了以下操作:

  1. 在“工具”->“选项”->“HTTPS”选项卡中,取消选中“解密 HTTPS 流量”选项。这启用了对话框底部的“删除拦截证书”按钮
  2. 单击“删除拦截证书”按钮
  3. 对所有弹出消息说“是”
  4. 重新启用“解密...”选项。
  5. 随后将出现一系列弹出消息,如 Fiddler Windows 8 配置步骤

注意:如果上述步骤对您没有帮助,请尝试重新安装 Fiddler 并重复这些步骤。在进入 HTTP 选项之前,我确实先重新安装了它。

I had the same issue on my Windows 8 box. Manually removing the key files per @Nicholas-Cloud didn't help me. So I kept trying different things and finally was able to sort this out.

To solve the certificate problem I did the following:

  1. In Tools->Options->HTTPS tab unchecked the "Decrypt HTTPS traffic" option. This enabled the "Remove Interception Certificates" button at the bottom of the dialog
  2. Clicked the "Remove Interception Certificates" button
  3. Said "Yes" to all pop-up messages
  4. Enabled the "Decrypt..." option back.
  5. The series of pop-up messages will follow as described in Fiddler Windows 8 Configuration Steps

Note: if the above steps don't help you, try re-installing Fiddler and repeating the steps. I did re-installed it first, before getting to HTTP options.

木槿暧夏七纪年 2024-11-05 20:38:31

fiddler 硬编码命令已过时。

大家停止删除文件夹。

只需安装声称可以生成“适用于 Android 的更好的证书”的 fliddler 插件即可。它在官方的 fiddler 插件列表中。

该插件将为您修复它。

fiddler hardcoded command is out of date.

everyone stop deleting folder.

just install the fliddler plugin that claims to generates a "better cert that works with android". its on the official fiddler plugin list.

that plugin will fix it for you.

你另情深 2024-11-05 20:38:31

如果 Fiddler 证书生成失败,正确的修复方法是手动选择现有的 Fiddler2 私钥并将其删除。上面的 PowerShell 代码完全破坏用户的私钥存储是非常糟糕的主意。这将使每一个个人证书变得毫无用处。

通过运行 Fiddler2 运行的相同命令来确认问题:

cd "C:\Program Files (x86)\Fiddler2"
makecert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha1 -m 120 -b 09/05/2012

如果证书生成失败,则需要删除现有私钥。请参阅 http://poshcode.org/3637 了解查找证书私钥的工具。

运行它:

Get-PrivateKeyPath CN=DO_NOT_TRUST_FiddlerRoot

它将返回类似 c:\Users\JoeUser\AppData\Roaming\Microsoft\Crypto\RSA\7b90a71bfc56f2582e916a51aed6df9a_f6d54f4e-ff40-450e-9d77-7cfc383b357
删除该文件并尝试再次生成证书。它应该成功。不要不要销毁您的整个私钥存储。

If Fiddler certificate generation fails, the proper fix is to hand-pick the existing Fiddler2 private key and delete that. The above PowerShell code to completely destroy user's private key store is very bad idea. It will make every personal certificate useless.

Confirm the problem by running the same command Fiddler2 would run:

cd "C:\Program Files (x86)\Fiddler2"
makecert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha1 -m 120 -b 09/05/2012

If the certificate generation fails, existing private key needs to be deleted. See http://poshcode.org/3637 for tool to find private key for a certificate.

Run it:

Get-PrivateKeyPath CN=DO_NOT_TRUST_FiddlerRoot

It will return something like c:\Users\JoeUser\AppData\Roaming\Microsoft\Crypto\RSA\7b90a71bfc56f2582e916a51aed6df9a_f6d54f4e-ff40-450e-9d77-7cfc383b357
Delete that file and attempt generating the certificate again. It should succeed. Do NOT destroy your entire private key store.

零時差 2024-11-05 20:38:31

对我来说,简单的解决方法是安装 Fiddler CertMaker

The simple fix for me was to install the Fiddler CertMaker

说不完的你爱 2024-11-05 20:38:31

尼古拉斯的回答是正确的。为了帮助其他人也找到此页面:

如果您在 Fiddler 中单击“将 Fiddler 根证书导出到桌面”按钮或调用 Fiddler.CertMaker.createRootCert 时收到“无法导出 Fiddler 根证书”消息,这可能会有所帮助() 来自代码。

Nicholas' answer is correct. In order to help others find this page too:

This may be helpful if you get the message "Unable to export Fiddler's Root Certificate" when you click the "Export Fiddler Root Certificate to Desktop" button in Fiddler, or call Fiddler.CertMaker.createRootCert() from code.

っ左 2024-11-05 20:38:31

我有同样的错误。
这肯定是由于早期版本的 Fiddler 的存在以及它们之间的一些不兼容性造成的。

上面的文件夹仅由 Fiddler 使用,它存储它创建的证书(或者至少对于您盒子上的个人证书,Fiddler 肯定是唯一使用它的)。您可能需要检查您是否还有除 Fiddler 之外的其他个人证书。在 IE 中,这是使用工具/互联网选项/内容/证书/个人。

完全清空文件夹,不要害怕有关删除系统文件的消息。
然后在 Fiddler 中,再次选择捕获然后解密 HTTPS 流量的选项。
如果需要,请在桌面上重新导出Fiddler根证书,然后在IE和FF中重新导入。
如果需要,请重新启动浏览器并享受。

我想不是删除仅在 IE 中删除的所有内容,而是颁发给 DO_NOT_TRUST_FIddlerRoot 的私有证书会执行相同的操作,但我尚未对此进行测试。

请记住,一旦不再需要解密选项,请立即将其关闭。

I had the same error.
This was certainly due to the presence of earlier versions of Fiddler and some incompatibility between them.

The above folder is used only by Fiddler where it stores the certificates that it creates (or at least for personal certificates on your box and Fiddler is certainly the only one using it). You may want to check if you have other personal certificates than Fiddler ones. In IE this is using Tools / internet options / content / certificates / personal.

Totally empty the folder and don't be afraid of the message about removing system files.
Then in Fiddler, select again the options to capture then decrypt the HTTPS traffic.
If required, re export the Fiddler root certificate on the desktop then re import it in IE and FF.
Restart your browsers if required and enjoy.

I suppose instead of removing all that removing only in IE the private certificate issued to DO_NOT_TRUST_FIddlerRoot does the same but I have not tested this.

Remember to turn off the decrypt option as soon as you don't need it anymore.

眼泪也成诗 2024-11-05 20:38:31

作为 Nicholas Cloud 回复的补充,这里有一个小脚本可以帮助您重命名该文件夹:

# Find my SID 
$user = New-Object System.Security.Principal.NTAccount([Environment]::UserName) $mySID = ($user.Translate([System.Security.Principal.SecurityIdentifier])).Value

# Rename keys folder with a timestamp
$timeStamp = Get-Date -format "ddMMyyhhmmss"
$folder = Join-Path -Path $env:USERPROFILE -ChildPath "appData\Roaming\Microsoft\Crypto\RSA\$mySID"
Rename-Item -Force $folder "$folder.$timeStamp"

向 Nicholas Cloud 的回复添加注释确实允许我格式化代码,因此我最终创建了一个单独的回复。

As an addition to Nicholas Cloud's reply, here's a little script that helps you rename that folder:

# Find my SID 
$user = New-Object System.Security.Principal.NTAccount([Environment]::UserName) $mySID = ($user.Translate([System.Security.Principal.SecurityIdentifier])).Value

# Rename keys folder with a timestamp
$timeStamp = Get-Date -format "ddMMyyhhmmss"
$folder = Join-Path -Path $env:USERPROFILE -ChildPath "appData\Roaming\Microsoft\Crypto\RSA\$mySID"
Rename-Item -Force $folder "$folder.$timeStamp"

Adding a comment to the Nicholas's reply did allow me to format the code so I ended up creating a separate reply.

雨的味道风的声音 2024-11-05 20:38:31

您可以通过在 C:\Users\\AppData\Roaming\Microsoft\Crypto\RSA\ 路径中的文件内容中查找“JoeSoft”来识别冲突文件。

You can identify the conflicting file by looking for "JoeSoft" in the content of the files from the C:\Users\\AppData\Roaming\Microsoft\Crypto\RSA\ path.

城歌 2024-11-05 20:38:31

我遇到了这个确切的错误,只能通过以下方式解决:

  1. 更新 fiddlerCore
  2. 正如 @DemytroUa 所说'在“工具”->“选项”->“HTTPS”选项卡中取消选中“捕获 HTTPS CONNECTS”选项。然后单击对话框底部的“删除拦截证书”按钮
  3. 打开证书管理器(在运行对话框中输入 certmgr.msc - windows + r)
  4. 导航到个人 ->证书
  5. 删除所有“DO_NOT_TRUST_FiddlerRoot”证书
  6. 在 Fiddler 上检查“工具 -> Fiddler 选项 -> HTTPS”选项卡中的“解密 HTTPS 流量”

您可能只需要更新 fiddlerCore(请参阅这个所以问题了解更多细节),但我列出了我所做的一切为了绝对安全。

I had this exact error and was only able to solve it by:

  1. Updating fiddlerCore
  2. As @DemytroUa said 'In Tools->Options->HTTPS tab unchecked the "Capture HTTPS CONNECTSs" option. And clicking "Remove Interception Certificates" button at the bottom of the dialog'
  3. Opening the cert manager (enter certmgr.msc in the run dialog - windows + r)
  4. Navigate into Personal -> Certificates
  5. Deleting All "DO_NOT_TRUST_FiddlerRoot" certificates
  6. On Fiddler check "Decrypt HTTPS traffic in Tools->Fiddler Options->HTTPS tab

It is possible that you only have to update fiddlerCore (See this SO question for more details), but I listed everything I did to be totally safe.

℉絮湮 2024-11-05 20:38:31

cd 到安装文件夹“d:\Program Files\Fiddler”
运行以下命令

makecert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha1 -m 120 -b 09/05/2012

就会创建证书,问题就解决了

cd to the installation folder "d:\Program Files\Fiddler"
run the following command

makecert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha1 -m 120 -b 09/05/2012

A certificate will be created and the problem will be solved

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文