Last active
August 29, 2015 14:18
-
-
Save andreasbotsikas/71cc1150dcacc28f9830 to your computer and use it in GitHub Desktop.
Generate CA certificate for Fiddler
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @ECHO OFF | |
| @rem Check for visual studio tools if not already loaded | |
| if defined VCINSTALLDIR goto GenerateCerts | |
| @rem Ensure that visual studio is available | |
| if not defined VS120COMNTOOLS goto msbuild-not-found | |
| if not exist "%VS120COMNTOOLS%..\..\vc\vcvarsall.bat" goto msbuild-not-found | |
| call "%VS120COMNTOOLS%..\..\vc\vcvarsall.bat" | |
| @rem Check that vs is properly loaded | |
| if not defined VCINSTALLDIR goto msbuild-not-found | |
| :GenerateCerts | |
| @REM Generate a CA | |
| makecert -r -pe -n "CN=ca.localhost" -e 10/25/2985 -ss my -sr CurrentUser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 | |
| @REM Generate Fiddler's signing certificate | |
| makecert -pe -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -ss my -is my -ir CurrentUser -in "ca.localhost" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a "sha256" -m 132 -b 01/01/2014 | |
| @REM If you use the next registry edit, you can create another intermediate without the Fiddler name in it | |
| makecert -pe -n "CN=another.intermediate" -ss my -is my -ir CurrentUser -in "ca.localhost" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a "sha256" -m 132 -b 01/01/2014 | |
| @REM In order to export the newly created certificates | |
| @REM Run mmc.exe | |
| @REM File-> Add or Remove Snap-ins | |
| @REM Select Certificates from the left and then My User account (if above is CurrentUser) | |
| @REM They should be in the Personal->Certificates folder. | |
| pause | |
| exit /B 0 | |
| :msbuild-not-found | |
| echo Visual studio tools were not found! Please check the VS100COMNTOOLS path variable | |
| exit /B 1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @ECHO OFF | |
| @rem Check for visual studio tools if not already loaded | |
| if defined VCINSTALLDIR goto GenerateCerts | |
| @rem Ensure that visual studio is available | |
| if not defined VS120COMNTOOLS goto msbuild-not-found | |
| if not exist "%VS120COMNTOOLS%..\..\vc\vcvarsall.bat" goto msbuild-not-found | |
| call "%VS120COMNTOOLS%..\..\vc\vcvarsall.bat" | |
| @rem Check that vs is properly loaded | |
| if not defined VCINSTALLDIR goto msbuild-not-found | |
| :GenerateCerts | |
| @REM Generate a CA. Note the -cy authority for fiddler | |
| makecert -r -pe -n "CN=ca.localhost" -cy authority -a sha256 -len 2048 -e 10/25/2985 -ss my -sr CurrentUser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 | |
| @REM Generate localhost certificate | |
| makecert -pe -n "CN=localhost" -a sha256 -len 2048 -e 01/01/2982 -is my -ir CurrentUser -in "ca.localhost" -ss my -sr CurrentUser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 | |
| @REM Export certificates | |
| powershell -Command "&{get-childitem cert:\currentuser\my -dnsname ca.localhost | export-certificate -filepath ca.cer}" | |
| powershell -Command "&{$mypwd = ConvertTo-SecureString -String "aaaaaa" -Force -AsPlainText; get-childitem cert:\currentuser\my -dnsname localhost | export-pfxcertificate -filepath localhost.pfx -password $mypwd;}" | |
| @REM Import certificates | |
| powershell -Command "&{Import-Certificate -FilePath ca.cer -CertStoreLocation 'Cert:\LocalMachine\Root'}" | |
| powershell -Command "&{$mypwd = ConvertTo-SecureString -String "aaaaa" -Force -AsPlainText; Import-PfxCertificate -FilePath localhost.pfx Cert:\LocalMachine\My -Password $mypwd;}" | |
| @REM Generate fiddler certificate | |
| makecert -pe -n "CN=fiddler.intermediate" -a sha256 -len 2048 -e 01/01/2982 -is my -ir CurrentUser -in "ca.localhost" -ss my -sr CurrentUser -sky signature -eku 1.3.6.1.5.5.7.3.1 -cy authority -sy 1 | |
| @REM set fiddler to work with new intermediate to be able to delete custom certs | |
| powershell -Command "&{Set-ItemProperty -Path HKCU:\Software\Microsoft\Fiddler2 -Name MakeCertRootCN -Value "fiddler.intermediate"; Set-ItemProperty -Path HKCU:\Software\Microsoft\Fiddler2 -Name MakeCertSubjectO -Value $([string]::Empty);}" | |
| @REM update fiddler's cert generation command to generate stronger certs for firefox (len 2048) | |
| powershell -Command "&{Set-ItemProperty -Path HKCU:\Software\Microsoft\Fiddler2 -Name MakeCertParamsEE -Value '-pe -ss my -n "CN={0}{1}" -sky exchange -len 2048 -in {2} -is my -eku 1.3.6.1.5.5.7.3.1 -cy end -a {3} -m 132 -b {4} {5}';}" | |
| @REM In order to see and export the newly created certificates | |
| @REM Run mmc.exe | |
| @REM File-> Add or Remove Snap-ins | |
| @REM Select Certificates from the left and then My User account (if above is CurrentUser) | |
| @REM They should be in the Personal->Certificates folder. | |
| pause | |
| exit /B 0 | |
| :msbuild-not-found | |
| echo Visual studio tools were not found! Please check the VS100COMNTOOLS path variable | |
| exit /B 1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Fiddler2] | |
| "MakeCertRootCN"="another.intermediate" | |
| "MakeCertSubjectO"="" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment