How do you remove the root CA certificate that fiddler installs
SslCertificateFiddlerSsl Problem Overview
Fiddler helpfully offers to add a unique root CA certificate to intercept HTTPS traffic.
Once this certificate has been added, how do you go about removing it?
Ssl Solutions
Solution 1 - Ssl
Either of two ways:
- Disable HTTPS decryption and click the button titled "Remove Interception Certificates"
- Open CertMgr.msc, open the Personal and Trusted Stores, and use the Delete key on the root.
Solution 2 - Ssl
Since Fiddler 4.6.1.5 the GUI is a bit different.
Go to Tools -> Fiddler Options -> HTTPS. Then click the "Actions" button and then "Reset All Certificates"
It will popup a message that it could take a while but it's really quick. Approve all popups and there you go.
Pay attention not to re-approve the certificate again (when I did it the message for approving the certificates popped up when I finished to approve all the popups.)
Solution 3 - Ssl
In Fiddler go to Tools
» Options
» HTTPS
.
Then uncheck Decrypt HTTPS traffic
and run Actions
» Remove Interception Certificates
.
This will remove all Fiddler certs from the Windows certificate store.
Background:
Fiddler is obviously using a kind of white hat "man in the middle" approach to decrypt and inspect any HTTPS traffic. To do that, it needs its own certs to be trusted. Therefore leaving Decrypt HTTPS traffic
checked but removing the Fiddler certs as proposed in other answers does not make a lot of sense, as Fiddler can't decrypt then anyway.
Solution 4 - Ssl
Just expanding on EricLaw's 2nd option, which is more useful if you've put that cert on multiple devices (fairly common during network testing), and you only want to remove it on one (source - http://www.cantoni.org/2013/11/06/capture-android-web-traffic-fiddler):
- Go to the Security tab in settings
- Tap Trusted credentials, then select the User tab
- Tap on the Fiddler “Do not trust” certificate, then scroll down to remove it
- You may need to power cycle your device to get all apps to forget about the Fiddler certificate (e.g., the Chrome browser will continue to try to use it for a while)
Solution 5 - Ssl
Here is the procedure with Progress Telerik Fiddler Classic
in its version v5.0.20211.51073
.
-
Go to
Tools
>Options
>HTTPS
. You should be met with the following window. The option toRemove Interception Certificates
is greyed out, becauseDecrypt HTTPS traffic
is still toggled ON. -
Untick the box in front of
Decrypt HTTPS traffic
. The window will now be as follows, and you should be able toRemove Interception Certificates
.
In the end:
-
Fiddler Classic's root certificate has been removed:
-
Fiddler-generated Certificates have been removed:
To ensure that certificates related to Fiddler
have been effectively removed, in accordance with the messages displayed above, you could browse through authorized certificates with the following procedure.
- Click on
Open Windows Certificate Manager
:
NB: if you prefer to use Windows' built-in tools, e.g. if Fiddler has been uninstalled,
- Press
Win+R
, typecertmgr.msc
in the search box, then pressEnter
Then:
- Go to
Action
>Find Certificates...
- In the search box for
Contains:
, typeDO_NOT_TRUST_FiddlerRoot
- In the drop-down box for
Look in Field:
, ensure that the option is set toIssued By
. If the option were set toIssued To
, you would find fewer matches. - Click on the button
Find Now
to list every certificate .
In my case, there was one Fiddler-related certificate left after the procedure. If that is the case for you as well, then you may want to manually delete it, by right-clicking on this entry.