How to avoid JAVA certificate warning with Fiddler

Question

Using Fiddler, Java applications give “The certificate is not valid and cannot be used to verify the identity of this website” warning when they connect to servers through Fiddler proxy. It might cause because the URL with proxy is not exactly the same as the one provided by CA.(Like example.com:8888 but CA provides example.com) I tried to fix it by reading this article, but it didn't help me. The same situation happen with mitmproxy.

I've already added the .cer file as a trusted ca to JAVA cacerts.

Is there any way to avoid or disable the warning?

enter image description here

As I got the Error in Japanese, I provide the same error of the English version from web.

The certificate is not valid and cannot be used to verify the identity of this website

java version "1.8.0_31"
Java(TM) SE Runtime Environment (build 1.8.0_31-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.31-b07, mixed mode)

Just to avoid it, use Java 8 Update 20. But I know it's not good practice. — fx-kirin, Feb 20 '15 at 12:47

score 1 · Answer 1 · answered Feb 20 '15 at 11:04

1

You can export the Fiddler Root certificate and then import it into a Java keystore (e.g. using Portecle).

The created keystore (e.g. named "mytruststore.jks") can be used by Java as "truststore", for example via command-line:

java -D javax.net.ssl.trustStore=mytruststore.jks -jar MyProgram.jar

answered Feb 20 '15 at 11:04

Robert

39,162
17
99
152

1

It worked until Java 8 Update 20. But with later version, it doesn't. – fx-kirin Feb 20 '15 at 12:46

How to avoid JAVA certificate warning with Fiddler

1 Answers1