Class CertMaker

This class is used to find and create certificates for use in HTTPS interception. The default implementation (DefaultCertProvider object) uses the Windows Certificate store, but if a plugin ICertificateProvider is provided, it is used instead.

Inheritance
System.Object
CertMaker
Namespace: Fiddler
Assembly: FiddlerCore.dll

Syntax

public class CertMaker : Object

Constructors

CertMaker()

Declaration
public CertMaker()

Fields

oCertProvider

Enables specification of a delegate certificate provider that generates certificates for HTTPS interception.

Declaration
public static ICertificateProvider oCertProvider
Field Value
ICertificateProvider

Methods

ClearCertificateCache(Boolean, out CertificateStoreOperationStatus)

Removes Fiddler-generated certificates from the Windows certificate store

Declaration
public static bool ClearCertificateCache(bool bRemoveRoot, out CertificateStoreOperationStatus status)
Parameters
System.Boolean bRemoveRoot

Indicates whether Root certificates should also be cleaned up
CertificateStoreOperationStatus status

Status of add/remove operation to store
Returns
System.Boolean

createRootCert()

Create a self-signed root certificate to use as the trust anchor for HTTPS interception certificate chains

Declaration
public static bool createRootCert()
Returns
System.Boolean

TRUE if successful

CreateRootCertificate()

Create a self-signed root certificate to use as the trust anchor for HTTPS interception certificate chains

Declaration
public static bool CreateRootCertificate()
Returns
System.Boolean

TRUE if successful

DoDispose()

Dispose of the Certificate Provider, if any.

Declaration
public static void DoDispose()

EnsureReady()

Ensures that the Certificate Generator is ready; thread-safe

Declaration
public static void EnsureReady()

FindCert(String)

Request a certificate with the specified SubjectCN

Declaration
public static X509Certificate2 FindCert(string sHostname)
Parameters
System.String sHostname

A string of the form: "www.hostname.com"
Returns
System.Security.Cryptography.X509Certificates.X509Certificate2

A certificate or /null/ if the certificate could not be found or created

GetCertProviderInfo()

Gets the name of the current certificate provider instance used to create Fiddler certificates

Declaration
public static string GetCertProviderInfo()
Returns
System.String

The name and location of the certificate provider instance

GetRootCertificate()

Returns the Root certificate that Fiddler uses to generate per-site certificates used for HTTPS interception.

Declaration
public static X509Certificate2 GetRootCertificate()
Returns
System.Security.Cryptography.X509Certificates.X509Certificate2

Returns the root certificate, if present, or null if the root certificate does not exist.

HasRootCertificate()

Checks if the current certificate provider has generated a Root certificate authority.

Declaration
public static bool HasRootCertificate()
Returns
System.Boolean

True if root certificate is valid and loaded

IsRootCertificateTrusted()

Is Fiddler's root certificate in the Root store?

Declaration
public static bool IsRootCertificateTrusted()
Returns
System.Boolean

TRUE if so

IsRootCertificateTrustedMachine()

Is Fiddler's root certificate in the Machine Root store? This method works only on Windows platforms.

Declaration
public static bool IsRootCertificateTrustedMachine()
Returns
System.Boolean

TRUE if so

ReadRootCertificateAndPrivateKeyFromPkcs12File(String, String, String)

When this method is called, your extension should read the root certificate and its private key from the PKCS#12 file(.pfx | .p12).

Declaration
public static void ReadRootCertificateAndPrivateKeyFromPkcs12File(string filename, string password, string alias = null)
Parameters
System.String filename

The filename of the PKCS#12 file (.pfx | .p12).
System.String password

The password which is used to protect the private key. Could be null or empty if the private key is not protected.
System.String alias

The alias for the certificate and the private key. Could be null.

removeFiddlerGeneratedCerts(out CertificateStoreOperationStatus)

Removes Fiddler-generated certificates from the Windows certificate store

Declaration
public static bool removeFiddlerGeneratedCerts(out CertificateStoreOperationStatus status)
Parameters
CertificateStoreOperationStatus status

Returns
System.Boolean

removeFiddlerGeneratedCerts(Boolean, out CertificateStoreOperationStatus)

Removes Fiddler-generated certificates from the Windows certificate store

Declaration
public static bool removeFiddlerGeneratedCerts(bool bRemoveRoot, out CertificateStoreOperationStatus status)
Parameters
System.Boolean bRemoveRoot

Indicates whether Root certificates should also be cleaned up
CertificateStoreOperationStatus status

Status of add/remove operation to store
Returns
System.Boolean

rootCertExists()

Determine if the self-signed root certificate exists

Declaration
public static bool rootCertExists()
Returns
System.Boolean

True if the Root certificate returned from GetRootCertificate() is non-null, False otherwise.

rootCertIsMachineTrusted()

Is Fiddler's root certificate in the Machine Root store? This method works only on Windows platforms.

Declaration
public static bool rootCertIsMachineTrusted()
Returns
System.Boolean

TRUE if so

rootCertIsTrusted()

Is Fiddler's root certificate in the Root store?

Declaration
public static bool rootCertIsTrusted()
Returns
System.Boolean

TRUE if so

StoreCert(String, X509Certificate2)

Pre-cache a Certificate in the Certificate Maker that should be returned in subsequent calls to FindCert

Declaration
public static bool StoreCert(string sHost, X509Certificate2 oCert)
Parameters
System.String sHost

The hostname for which this certificate should be returned.
System.Security.Cryptography.X509Certificates.X509Certificate2 oCert

The X509Certificate2 with attached Private Key
Returns
System.Boolean

TRUE if the Certificate Provider succeeded in pre-caching the certificate. FALSE if Provider doesn't support pre-caching. THROWS if supplied Certificate lacks Private Key.

StoreCert(String, String, String)

Pre-cache a Certificate in the Certificate Maker that should be returned in subsequent calls to FindCert

Declaration
public static void StoreCert(string sHost, string sPFXFilename, string sPFXPassword)
Parameters
System.String sHost

The hostname for which this certificate should be returned.
System.String sPFXFilename

The filename of the PFX file containing the certificate and private key
System.String sPFXPassword

The password for the PFX file

trustRootCert()

Finds the Fiddler root certificate and prompts the user to add it to the TRUSTED store. Note: The system certificate store is used by most applications (IE, Chrome, etc) but not all; for instance, Firefox uses its own certificate store.

Declaration
public static bool trustRootCert()
Returns
System.Boolean

True if successful

TrustRootCertificate()

Finds the Fiddler root certificate and prompts the user to add it to the user TRUSTED store. Note: The system certificate store is used by most applications (IE, Chrome, etc) but not all; for instance, Firefox uses its own certificate store.

Declaration
public static bool TrustRootCertificate()
Returns
System.Boolean

True if successful

TrustRootCertificateMachine()

Finds the Fiddler root certificate and prompts the user to add it to the machine TRUSTED store. Note: The system certificate store is used by most applications (IE, Chrome, etc) but not all; for instance, Firefox uses its own certificate store.

Declaration
public static bool TrustRootCertificateMachine()
Returns
System.Boolean

True if successful

trustRootCertMachine()

Finds the Fiddler root certificate and prompts the user to add it to the machine TRUSTED store. Note: The system certificate store is used by most applications (IE, Chrome, etc) but not all; for instance, Firefox uses its own certificate store.

Declaration
public static bool trustRootCertMachine()
Returns
System.Boolean

True if successful

WriteRootCertificateAndPrivateKeyToPkcs12File(String, String, String)

Save the root certificate and its private key to a PKCS#12 file(.pfx | .p12).

Declaration
public static void WriteRootCertificateAndPrivateKeyToPkcs12File(string filename, string password, string alias = null)
Parameters
System.String filename

The filename of the PKCS#12 file (.pfx | .p12).
System.String password

The password which is used to protect the private key. If null or empty, the private key is written unprotected.
System.String alias

The alias for the certificate and the private key. If null, a random alias could be created.

WriteRootCertificateToDerEncodedFile(String)

Save the root certificate excluding the private key to a DER encoded file(.cer | .crt | .der).

Declaration
public static void WriteRootCertificateToDerEncodedFile(string filename)
Parameters
System.String filename

The filename of the DER encoded file (.cer | .crt | .der)