How do you remove the root CA certificate that fiddler installs

Fiddler helpfully offers to add a unique root CA certificate to intercept HTTPS traffic.

Once this certificate has been added, how do you go about removing it?

enter image description here


Either of two ways:

1) Disable HTTPS decryption and click the button titled "Remove Interception Certificates"

fiddler options dialog

2) Open CertMgr.msc, open the Personal and Trusted Stores, and use the Delete key on the root.


Since Fiddler 4.6.1.5 the GUI is a bit different.

Fiddler Options

Go to Tools -> Fiddler Options -> HTTPS. Then click the "Actions" button and then "Reset All Certificates"

It will popup a message that it could take a while but it's really quick. Approve all popups and there you go.

Pay attention not to re-approve the certificate again (when I did it the message for approving the certificates popped up when I finished to approve all the popups.)


In Fiddler go to Tools » Options » HTTPS.
Then uncheck Decrypt HTTPS traffic and run Actions » Remove Interception Certificates.

This will remove all Fiddler certs from the Windows certificate store.

enter image description here

Background:
Fiddler is obviously using a kind of white hat "man in the middle" approach to decrypt and inspect any HTTPS traffic. To do that, it needs its own certs to be trusted. Therefore leaving Decrypt HTTPS traffic checked but removing the Fiddler certs as proposed in other answers does not make a lot of sense, as Fiddler can't decrypt then anyway.


Just expanding on EricLaw's 2nd option, which is more useful if you've put that cert on multiple devices (fairly common during network testing), and you only want to remove it on one (source - http://www.cantoni.org/2013/11/06/capture-android-web-traffic-fiddler):

  1. Go to the Security tab in settings
  2. Tap Trusted credentials, then select the User tab
  3. Tap on the Fiddler “Do not trust” certificate, then scroll down to remove it
  4. You may need to power cycle your device to get all apps to forget about the Fiddler certificate (e.g., the Chrome browser will continue to try to use it for a while)