How do you remove the root CA certificate that fiddler installs

Question

Fiddler helpfully offers to add a unique root CA certificate to intercept HTTPS traffic.

Once this certificate has been added, how do you go about removing it?

Answer 1

Here is the procedure with Progress Telerik Fiddler Classic in its version v5.0.20211.51073.

1. Go to Tools > Options > HTTPS. The option to Remove Interception Certificates is greyed out, because Decrypt HTTPS traffic is still toggled ON.

2. Untick the box in front of Decrypt HTTPS traffic. You should be able to Remove Interception Certificates.

In the end:

• Fiddler Classic's root certificate has been removed.

• Fiddler-generated Certificates have been removed.

---

To ensure that certificates related to Fiddler have been effectively removed, in accordance with the messages displayed above, you could browse through authorized certificates with the following procedure.

1. Click on Open Windows Certificate Manager.

NB: if you prefer to use Windows' built-in tools, e.g. if Fiddler has been uninstalled,

1. Press Win+R, type certmgr.msc in the search box, then press Enter

Then:

2. Go to Action > Find Certificates...
3. In the search box for Contains:, type DO_NOT_TRUST_FiddlerRoot
4. In the drop-down box for Look in Field:, ensure that the option is set to Issued By. If the option were set to Issued To, you would find fewer matches.
5. Click on the button Find Now to list every certificate .

In my case, there was one Fiddler-related certificate left after the procedure. If that is the case for you as well, then you may want to manually delete it, by right-clicking on this entry.

Answer 2

Since Fiddler 4.6.1.5 the GUI is a bit different.

Go to Tools -> Fiddler Options -> HTTPS. Then click the "Actions" button and then "Reset All Certificates"

It will popup a message that it could take a while but it's really quick. Approve all popups and there you go.

Pay attention not to re-approve the certificate again (when I did it the message for approving the certificates popped up when I finished to approve all the popups.)

Answer 3

In Fiddler go to Tools » Options » HTTPS.
Then uncheck Decrypt HTTPS traffic and run Actions » Remove Interception Certificates.

This will remove all Fiddler certs from the Windows certificate store.

Background:
Fiddler is obviously using a kind of white hat "man in the middle" approach to decrypt and inspect any HTTPS traffic. To do that, it needs its own certs to be trusted. Therefore leaving Decrypt HTTPS traffic checked but removing the Fiddler certs as proposed in other answers does not make a lot of sense, as Fiddler can't decrypt then anyway.

Answer 4

Just expanding on EricLaw's 2nd option, which is more useful if you've put that cert on multiple devices (fairly common during network testing), and you only want to remove it on one (source - http://www.cantoni.org/2013/11/06/capture-android-web-traffic-fiddler):

1. Go to the Security tab in settings
2. Tap Trusted credentials, then select the User tab
3. Tap on the Fiddler “Do not trust” certificate, then scroll down to remove it
4. You may need to power cycle your device to get all apps to forget about the Fiddler certificate (e.g., the Chrome browser will continue to try to use it for a while)

Answer 5

Either of two ways:

1) Disable HTTPS decryption and click the button titled "Remove Interception Certificates"

2) Open CertMgr.msc, open the Personal and Trusted Stores, and use the Delete key on the root.