Chrome Doesn't Trust Fiddler Root Certificate
I have Fiddler installed on my machine. I have installed the Fiddler Root Certificate to decrypt HTTPS traffic, but it only works in FF and IE, not in chrome. Chrome does not trust Fiddler's certificate and does not allow me to connect to any tunneled connections.
I tried looking on Fiddler2.com's page for a plugin but I don't see anyhing.
Solution 1:
I updated Fiddler and ran into a similar issue. This fixed it for me: http://textslashplain.com/2015/10/30/reset-fiddlers-https-certificates/
Fiddler 1.3.0+ (This is the new build and comes after 4.6.1.5+)
- Click Settings (the cog in the top right hand corner).
- Select the HTTPS tab from the left hand panel
- Click Trust root certificate
- Accept all prompts
- You may need to restart Fiddler
Fiddler 4.6.1.5+
Click Tools > Options.
Click the HTTPS tab.
Ensure that the text says Certificates generated by CertEnroll engine.
(Note: You may notice that it's not possible to change the engine from MakeCert to CertEnroll, in such case restart Fiddler and start from the beginning, it should show CertEnroll then.)
Click Actions > Reset All Certificates. This may take a minute.
Accept all prompts (to remove and re-add certificates)
Fiddler 4.6.1.4 and earlier
- Click Tools > Options.
- Click the HTTPS tab.
- Uncheck the Decrypt HTTPS traffic checkbox.
- Click the Remove Interception Certificates button. This may take a minute.
- Accept all of the prompts that appear (e.g. Do you want to delete these certificates, etc.)
- (Optional) Click the Fiddler.DefaultCertificateProvider link and verify that the dropdown is set to CertEnroll.
- Exit and restart Fiddler.
- Click Tools > Options.
- Click the HTTPS tab.
- Re-check the Decrypt HTTPS traffic checkbox.
- Accept all of the prompts that appear (e.g. Do you want to trust this root certificate)
I think this is probably just one of many potential solutions for this, but it's coming up as one of the top search results for "your connection is not private fiddler" so I'll add it. Hopefully it'll help anyone else who comes across it.
NOTE: A few people have commented that they needed to restart Fiddler after running the above.
Solution 2:
It's also worth checking whether a certificate generator plugin could be to blame.
In my case, Fiddler was using CertMaker.BCCertMaker
. After uninstalling, reinstalling and reverting to CertEnroll engine
, SSL works again.
- Uninstall Fiddler and all its settings.
- Install the latest version.
- In Confirm Tools -> Telerik Fiddler Options... -> HTTPS, confirm that
CertEnroll engine
performs certificate generation. - On the same dialog, press Actions -> Reset All Certificates as in Chris's answer, accepting all prompts.
- Restart Fiddler.
Solution 3:
I was having the same issue with chrome / fiddler on ubuntu 20.04 not trusting the root certificate. I used the below steps to install fiddler - its a beta 'fiddler everywhere' which seems like its missing a few things that were there in windows version but it does work. Im not sure if this depends on (sudo apt install mono-complete). I tried the full version which did require mono so I definitely have that on my system but think mono is broken. Thinking that fiddler everywhere is somehow self contained.
download https://www.telerik.com/fiddler-everywhere/insiders
chmod a+x fiddler-everywhere-insiders.AppImage
- ./fiddler-everywhere-insiders.AppImage
I exported the certificate from fiddler options/https as crt (extensions for certs are confusing but I think this really is an x509 ssl certificate). To import to chrome I searched settings for 'manage certificates'. There are a bunch of tabs in that section and you have to select the authorities tab. I literally wasted an hour or more because I didn't see the tabs and was trying to import via the default 'your certificates' tab. Once I imported in the right place I was able to browse https traffic and fiddler everywhere could decrypt it.
Solution 4:
Adding to the answer by @chris, make sure that you connected your device in my case, my phone, to fiddler after clearing the certificates. Otherwise, it will still have older certificates and will not get new ones.