You are currently browsing legacy 5.3 version of documentation. Click here to switch to the newest 6.0 version.
    We can help you with migration to the latest RavenDB
    Contact Us Now
    see on GitHub

    Fiddler Usage With Secured Database

    When you want to use fiddler with secure database you need to configure fiddler that it could response and do requests as you.

    Respond to Requests Requiring a Client Certificate

    First you need to create .CER file:

    1. Open Manege User certificates

    2. Right-click the certificate in Personal Certificates Store.

    3. Click All Tasks > Export

    Then you need to specify the .CER file for Fiddler to return for a given session.

    You have two options to do so:

    1. Add a FiddlerScript to OnBeforeRequest function: 
      oSession["https-Client-Certificate"] = "C:\\test\\someCert.cer";
    2. Place your .CER file in '%USERPROFILE%\My Documents\Fiddler2\ClientCertificate.cer' ( the name must be ClientCertificate.cer)

    Warning

    If you do this your client certificate is exposed through fiddler

    Accepting response by the client

    • Option 1: Configure Windows Client to trust Fiddler Root Certificate

      1. Click Tools > Fiddler Options > HTTPS.

      2. Click the Decrypt HTTPS Traffic box.

      3. Next to Trust the Fiddler Root certificate?, click Yes.

      4. After Do you want to install this certificate?, click Yes.

    Danger

    If you do this windows will automatically trust any certificate issued by this CA. This is a security risk!

    • Option 2: Client will ignore certificate validation

      In the application you should set:

      Raven.Client.Http.RequestExecutor.RemoteCertificateValidationCallback += (sender, cert, chain, errors) => true;

    Danger

    If you do this and forget to remove it from your code, your client will accept any response!

    see on GitHub
    Home / Docs / Server / Security / Fiddler Usage With Secured Database