Firefox, Fiddler and HTTPS

1 minute read

Today I was debugging some interaction between one of our products and Twitter 1.1 API protected by OAuth 1.0a . As it happens, I was using Fiddler to have a look at tokens being passed back and forth.

As I finished my debug session, I forgot to turn off Fiddler session and wanted to check my emails on gmail. I was getting warnings by Firefox about google SSL certificate chain not being valid. Strange. Then I moved to Facebook and there I also had all kind of problems. After adding an exception for Facebook.com to the SSL trust (!) I was able to open the site, but as text only without any additional resource (images, css): you can imagine what Facebook site looked like. I could not even browse to support.mozilla.org because Firefox did not even trust that side (ironically enough...)!

After a white it dawned on my that Fiddler might be the culprit: surely enough, after turning off Fiddler everything went back to normal.

So the moral of the story is: if you see sudden problems with Firefox and HTTPS, be sure that you don't have Fiddler running in the background causing havoc. :)

UPDATE: Eric in the comments suggests how to configure Firefox to accept Fiddler's certificate (see http://fiddler2.com/blog/blog/2013/04/01/configuring-firefox-for-fiddler)

Updated:

Leave a Comment