Introducing CertEnroll Certificate Generator in Fiddler

Fiddler provides a new engine which include a new certificate generation based on the Windows CertEnroll APIs instead of the legacy MakeCert.exe engine. The main benefit of CertEnroll engine is that it generates certificates that contain the SubjectKeyIdentifier and AuthorityKeyIdentifier extensions required for use with iOS clients.

As part of this development, CertMaker add-on is no longer required on Windows 7 and later if you make use of Fiddler

It is possible to configure Fiddler to use the CertEnroll engine when running on Windows 7+ by clicking on the Fiddler.DefaultCertificateProvider link inside the Tools > Fiddler Options > HTTPS tab

Fiddler Options

You will be able to switch from the old MakeCert.exe engine to the CertEnroll engine with the help of the dialog which appears when you perform the above operation. Fiddler generates certificates using the new engine after you restart it.

Certificate Creation Preferences

In order to debug your own website using Fiddler, you need to select Rules > Customize Rules and scroll to the Main function and add the following line:

CertMaker.StoreCert("", "C:\\temp\\cert.pfx", "TopSecretPassword");

Fiddler automatically make use of the certificate you specified when decrypting traffic to the hostname you provided upon saving the script. The .pfx file will have both the certificates and private key, which is well protected by a password which you must supply in your script.

Leave a Comment