Fiddler helpfully offers to add a unique root CA certificate to intercept HTTPS traffic.
Once this certificate has been added, how do you go about removing it?
Asked
Active
Viewed 8.5k times
106
-
2This also removes all the other interception certs that bog down my VPN client!!! – felickz Feb 21 '15 at 00:36
-
And break the cisco client – Bob Feb 13 '19 at 19:40
5 Answers
90
Either of two ways:
1) Disable HTTPS decryption and click the button titled "Remove Interception Certificates"
2) Open CertMgr.msc, open the Personal and Trusted Stores, and use the Delete key on the root.
-
-
2@MikeFlynn: It's not really clear what you're asking. The procedure in Windows 8 is the same as everywhere else. – EricLaw Jun 10 '15 at 13:14
-
-
-
1Eric, After following the step 1, I can see in certmgr.msc that personal certificates installed by fiddler are removed though I can see a fiddler certificate in "Intermediate certificate authorities" section. Do I need to remove that manually? Bug? – Sriram Sakthivel Jan 05 '16 at 18:57
-
Fiddler's certificate shouldn't ever appear within "Intermediate certificate authorities"; you should be able to simply delete it. – EricLaw Jan 07 '16 at 04:29
-
1@EricLaw This option seems to have disappeared in the newest version of fiddler, and the replacement option [seems to be disabled](http://imgur.com/O2XJiNG). Any thoughts? – JMK Jan 15 '16 at 23:50
-
1@JMK: The option was merely moved. The menu item, like its button predecessor, is disabled until you uncheck `Decrypt HTTPS traffic`. – EricLaw Jan 21 '16 at 05:40
-
-
@JMK: Comments are a poor a support forum, and your response isn't actionable anyway. Happy to chat; click Help > Fiddler Discussions. – EricLaw Jan 21 '16 at 17:00
-
The 2nd step is useful especially if you uninstalled fiddler without removing the certs first. – Möoz Oct 29 '17 at 21:15
-
Is it safe to use this feature of Fiddler? Why are the certificates called `DO_NOT_TRUST_fiddlerroot` ? Is that an inside joke? – Shayan Sep 23 '20 at 19:41
-
1The point of naming the CA root `DO_NOT_TRUST` is to communicate to anyone who doesn't know why they're seeing it that they should not trust it. People who know why they're seeing it (Devs deliberately using Fiddler) can trust it if they want. – EricLaw Sep 24 '20 at 20:43
80
Since Fiddler 4.6.1.5 the GUI is a bit different.
Go to Tools -> Fiddler Options -> HTTPS. Then click the "Actions" button and then "Reset All Certificates"
It will popup a message that it could take a while but it's really quick. Approve all popups and there you go.
Pay attention not to re-approve the certificate again (when I did it the message for approving the certificates popped up when I finished to approve all the popups.)
Martijn Pieters
- 1,048,767
- 296
- 4,058
- 3,343
Eyal Abir
- 1,080
- 8
- 11
-
2Are you sure you don't need to first deselect the "Decrypt HTTPS traffic", then choose "Remove Interception Certificates"? – bozzle Apr 18 '17 at 00:51
-
1
-
5
-
7@Stephen I unchecked "Decrypt HTTPS traffic" and selected "remove interception certificates" and that worked for me. – user1747935 Sep 06 '17 at 16:06
-
3I'm on v5.0.2#####.#####, and `Reset All Certificates` simply generated a new one. It didn't prompt to delete the old until I unchecked `Decrypt HTTPS traffic` and then ran `Remove Interception Certificates` – Stephen Jan 27 '18 at 01:24
10
In Fiddler go to Tools » Options » HTTPS.
Then uncheck Decrypt HTTPS traffic and run Actions » Remove Interception Certificates.
This will remove all Fiddler certs from the Windows certificate store.
Background:
Fiddler is obviously using a kind of white hat "man in the middle" approach to decrypt and inspect any HTTPS traffic. To do that, it needs its own certs to be trusted. Therefore leaving Decrypt HTTPS traffic checked but removing the Fiddler certs as proposed in other answers does not make a lot of sense, as Fiddler can't decrypt then anyway.
Jpsy
- 20,077
- 7
- 118
- 115
5
Just expanding on EricLaw's 2nd option, which is more useful if you've put that cert on multiple devices (fairly common during network testing), and you only want to remove it on one (source - http://www.cantoni.org/2013/11/06/capture-android-web-traffic-fiddler):
- Go to the Security tab in settings
- Tap Trusted credentials, then select the User tab
- Tap on the Fiddler “Do not trust” certificate, then scroll down to remove it
- You may need to power cycle your device to get all apps to forget about the Fiddler certificate (e.g., the Chrome browser will continue to try to use it for a while)
Akhil Cherian Verghese
- 1,311
- 13
- 16
4
Here is the procedure with Progress Telerik Fiddler Classic in its version v5.0.20211.51073.
Go to
Tools>Options>HTTPS. The option toRemove Interception Certificatesis greyed out, becauseDecrypt HTTPS trafficis still toggled ON.Untick the box in front of
Decrypt HTTPS traffic. You should be able toRemove Interception Certificates.
In the end:
Fiddler Classic's root certificate has been removed.
Fiddler-generated Certificates have been removed.
To ensure that certificates related to Fiddler have been effectively removed, in accordance with the messages displayed above, you could browse through authorized certificates with the following procedure.
- Click on
Open Windows Certificate Manager.
NB: if you prefer to use Windows' built-in tools, e.g. if Fiddler has been uninstalled,
- Press
Win+R, typecertmgr.mscin the search box, then pressEnter
Then:
- Go to
Action>Find Certificates... - In the search box for
Contains:, typeDO_NOT_TRUST_FiddlerRoot - In the drop-down box for
Look in Field:, ensure that the option is set toIssued By. If the option were set toIssued To, you would find fewer matches. - Click on the button
Find Nowto list every certificate .
In my case, there was one Fiddler-related certificate left after the procedure. If that is the case for you as well, then you may want to manually delete it, by right-clicking on this entry.
Wok
- 4,956
- 7
- 42
- 64