为什么提琴手不会安装我的证书Windows 8?-无法配置Windows以信任Fiddler根证书 [英] Why won't fiddler install my certificate windows 8? - unable to configure windows to trust Fiddler Root certificate
问题描述
我有一个应用程序正在对Twitter进行呼叫,我需要检查流量,以便可以了解有关oAuth的更多信息.
当我双击ssl流量时,会出现一个黄色框,提示我去更改选项(通过代理运行我的应用程序的方式).
在阅读了有关提琴手创建的在我的机器上使用证书的信息后,我单击了链接,以按照这些说明让提琴手在我的机器上安装证书...
I have an application which is making calls to twitter and I need to inspect the traffic so that I can learn more about oAuth.
When I double click the ssl traffic I get a yellow box which prompts me to go and change the options (by the way I am running my app through a proxy).
After having read about using a certificate on my machine which fiddler creates I have clicked the link to let fiddler install certificates on my machine by following these instructions...
http://docs.telerik.com/fiddler/configure-fiddler/tasks/configurefiddlerforwin8
However instead of this happening...
I get this error message...
"unable to configure windows to trust Fiddler Root certificate" here is a screen shot....
When I checked the logs as suggested (although is confusing as I thought the log was to do with each individual request), anyway I saw this...
I have even tried installing the certificate manually no no avail. Hope someone can help me get fiddler/ssl decryption working with windows 8! :-)
UPDATE : In response to Erics questions he made in the below answer...
Hi Eric thanks for replying.
1) A box popped up saying 'Certificate Trust' this is the box I have taken a screen shot of above. It was the box that told me to check the log.
2) I have an account and when I check my users it says I am an Administrator underneath my username.
3) I have tried to run Fiddler as an Administrator to no avail.
I also tried to drag and drop the certificate manually into the certmgr.msc tool and it comes up with a little round cursor with a line through it. Sounds like permissions but I just cant see why as I have full everything....
I finally found a way to workaround cases where group policy tries to limit who you can trust.
METHOD 1
- Go into the fiddler HTTPS options and export the root cert to your desktop.
- Open up mmc.exe and add in the certificate widgets for Local Computer
- Import the fiddler certificate into the Third-Party Root Certificate Store
- Go ahead and use fiddler and see it generate new certs and watch your system trust them.
Method 2
Run afoul and bypass an intentional security control.
reg delete HKLM\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots /f
- Go back into fiddler HTTP options, and toggle
Decrypt HTTPS traffic
off and on again. press okay to install the cert in the usual way - maybe run a
gpupdate /force
to get your setting back to the way your admins intended.
For insight, the problem group policy settings may look something like this:
If you have any Flags
value in your registry under Local_Machine \ Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
, this lock-down is probably in effect.
@EricLaw - Are you up for maybe changing fiddler to try to import into the third-party store by default? It seems like the "third-party store" may be less subject to lockdown.
This is the best write-up of third-party-store i've seen: http://kreelbits.blogspot.com/2014/02/whats-purpose-of-users-third-party-root.html
这篇关于为什么提琴手不会安装我的证书Windows 8?-无法配置Windows以信任Fiddler根证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!