Working with the web, you will definitely end up having to generate a trusted certificate, at least for your localhost. In my case, I have been working with certificates a bit more, and a personal CA was obviously the best solution. Moreover, I wanted to modify Fiddler's CA name to avoid having the ugly "DO_NOT_TRUST_FiddlerRoot". This post describes how I automated the certificate generation process and also mitigated Firefox's warning about the old SHA1 hashing.
Generating the required certificates with Visual Studio is a three-step process.
- Load the Visual Studio command-line tools in the command prompt. This is done with a call "%VS120COMNTOOLS%..\..\vc\vcvarsall.bat", where VS120COMNTOOLS is an environment variable pointing to the path of the Visual Studio 2013 (aka vs120) tools.
- Generate a CA by specifying the -cy authority attribute in the makecert tool. Also note that I am using sha256 and a key length of 2048 in order to address the SHA1 phase-out warning Firefox is flooding you with in the debug console.
- Generate the CN=localhost certificate. Note that you could use multiple CNs, making a Subject Alternative Name (SAN) certificate, using the , separator like “CN=localhost, CN=ubersite.eu, CN=*.localhost”.
As a bonus, in this script I generate yet another intermediate CA that Fiddler will use in order to intercept the HTTPS web traffic and replace the scary and ugly “DO_NOT_TRUST_FiddlerRoot”. First you need to generate the certificate. I gave it a friendlier name that will remind me that Fiddler is intercepting the traffic, and then set up the two registry keys required to change the default certificate for Fiddler.
These keys are located in HKEY_CURRENT_USER\Software\Microsoft\Fiddler2, and the certificate Fiddler is looking for uses the name “CN={MakeCertRootCN}{MakeCertSubjectO}”, which by default (if the keys are not found) has the value “CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com”.
Hope you enjoy the following batch file and happy web development :)
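The steps described above, written out as a batch file. This is an added example, not the author's original script; the names DevRootCA and DevFiddlerCA, the O=/OU= text, the certificate stores used, and the store Fiddler reads from are assumptions.

```bat
@echo off
rem Added example; not the author's original script.
rem Assumed names: DevRootCA, DevFiddlerCA and the O=/OU= text are placeholders.
setlocal
call "%VS120COMNTOOLS%..\..\vc\vcvarsall.bat"

rem Step 2: self-signed root CA (SHA-256, 2048-bit) in the current user's Root store.
rem Windows shows a confirmation dialog before trusting a new root.
makecert -r -pe -n "CN=DevRootCA" -cy authority -sky signature ^
  -a sha256 -len 2048 -ss Root -sr CurrentUser
if errorlevel 1 goto :fail

rem Step 3: CN=localhost server certificate issued by that root.
rem -eku 1.3.6.1.5.5.7.3.1 limits the certificate to TLS server authentication.
makecert -pe -n "CN=localhost" -cy end -sky exchange -eku 1.3.6.1.5.5.7.3.1 ^
  -a sha256 -len 2048 -in "DevRootCA" -is Root -ir CurrentUser ^
  -ss My -sr CurrentUser
if errorlevel 1 goto :fail

rem Bonus: intermediate CA for Fiddler, issued by the same root.
rem Assumption: Fiddler looks the certificate up in CurrentUser\My.
makecert -pe -n "CN=DevFiddlerCA, O=Dev, OU=Intercepted by Fiddler" ^
  -cy authority -sky signature -a sha256 -len 2048 ^
  -in "DevRootCA" -is Root -ir CurrentUser -ss My -sr CurrentUser
if errorlevel 1 goto :fail

rem Fiddler builds the subject as CN={MakeCertRootCN}{MakeCertSubjectO},
rem so the two values concatenated must equal the subject used above.
set FIDDLER_KEY=HKCU\Software\Microsoft\Fiddler2
reg add "%FIDDLER_KEY%" /v MakeCertRootCN /t REG_SZ /d "DevFiddlerCA" /f
reg add "%FIDDLER_KEY%" /v MakeCertSubjectO /t REG_SZ ^
  /d ", O=Dev, OU=Intercepted by Fiddler" /f

rem Check: the leaf should report sha256RSA, not sha1RSA.
certutil -user -v -store My localhost | findstr /i "sha256RSA sha1RSA"
exit /b 0

:fail
echo Certificate generation failed. 1>&2
exit /b 1
```

The -pe switch marks each private key as exportable; drop it from the CA lines if the keys never need to leave this machine.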