How to monitor encrypted HTTP sessions from a web proxy

Introduction

This knowledge base article will show how a trusted connection can be setup between TaskCentre and a HTTP/S web proxy, such as Fiddler.

This will allow for the successful monitoring and debugging of web service traffic from TaskCentre and without errors occurring because of an untrusted connection.

This will require the SSL certificate of the web proxy to be imported into the TaskCentre server. For detailed instructions please see below:

Obtaining the Web Proxy Certificate

The certificate will first need to be exported from the web proxy so that it can be imported into the TaskCentre server.

Using Fiddler as an example,this is achieved as follows.

  1. Enter Fiddler Options.
  2. Select the HTTPS tab.
  3. Tick the boxes Capture HTTPS Connects and Decrypt HTTPS traffic.
  4. Click the button Export Root Certificate to Desktop.
    1Figure 1. ‘Fiddler Options’ dialog – Export Root Certificate to Desktop.

Installing the SSL Certificate

This requires adding a Certificate snap-in within mmc for each of the listed three accounts: My user account, Service account and Computer account.

My user account

  1. On the TaskCentre Server machine run mmc from a command prompt.
  2. Select File -> Add/Remove Snap in.
  3. Select Certificates followed by Add.
  4. Select My user account then Finish.

Service account

  1. Still within the Add or Remove Snap-ins dialog, select Certificates followed by Add.
  2. Select Service Account then Next.
  3. Select Local computer then Next.
  4. Select TaskCentre Server from the list of services.
    2Figure 2. Certificates snap-in dialogue – Selecting the TaskCentre Server service.
  5. Click Finish

Computer account

  1. Still within the Add or Remove Snap-ins dialog, select Certificates followed by Add.
  2. Select Computer account then Next.
  3. Select Local computer then Finish.Three snap-ins will now display as follows:3Figure 2. Add or Remove Snap-ins dialog – Showing added snap-ins for each account.
  4. Click OK to save and close.

Having completed the above procedure the web proxy certificate now needs to be imported into each of the three accounts. Continue as follows:

  1. Within the folder structure of the console expand the node Certificates – Current User-> Trusted Root Certificate Authorities.
  2. Import the certificate into the Certificates folder. Right-click on the folder and select All Tasks -> Import.
    4(1)Figure 3. Imported web proxy certificate for ‘Current User’. This example show the Fiddle certificate.
  3. Complete steps 1 and 2 again for the Service and Local Computer account by importing the web proxy certificate into the Certificates folder within Trusted Root Certificate Authorities.

This completes importing the web proxy certificate onto the TaskCentre server.