Login to start a new topic

Fiddler has trashed all my Certificates

I ran Fiddler yesterday and since then I'm getting certificate errors everywhere.


See screenshots - it appears to have just taken over every certificate on my system. How do I fix this?

image


It doesn't let me access websites - e.g. Zendesk:

image


I need this fixing urgently.


Each certificate issued by Fiddler (the ones issued by DO_NOT_TRUST_FiddlerRoot) is used for decrypting secure sessions by Fiddler Classic only. These certificates are created by the Fiddler Classic application when the Fiddler proxy is running, and you are opening one of those sites. So removing them will only affect Fiddler (as you will no longer be able to decrypt the encrypted traffic with Fiddler Classic). You can safely remove them, which won't affect how you access these domains.


If you use Fiddler Everywhere, you will notice that no new certificates are added in Personal > Certificates. Instead, Fiddler Everywhere creates a single trust root CA through Settings > HTTPS > Trust Root Certificate (the certificate is placed in Trust Root Certificate Authority > Certificates) and uses it to decrypt all secure traffic that flows through the system proxy.

I have 2746 personal certificates now showing as issued by Fiddler. They don't look as if they were used only by Fiddler - just to confirm you are recommending deleting all these?


image


These certificates (the ones named DO_NOT_TRUST_FiddlerRoot) are created by Fiddler and are used only by Fiddler. You can remove them explicitly by deleting them.

It's ok I've uninstalled Fiddler.

So how do I clear the "issued by" for all these certificates?

Removing the DO_NOT_TRUST_FiddlerRoot certificate will result that your pages will be opened with the default root certificate instead of using the Fiddler ones. The immediate change will be that Fiddler Classic will no longer be able to decrypt traffic from those sites (until the certificates are reinstalled or the Bouncy Castle certificate manager is installed and set). 

Hi Nick
You mentioned manually removing certificates - is that going through this list clicking "Remove"? Is that going to cause any problems? Or this there some other way to do this?

image


The BouncyCastle add-on is listed as CertMaker for iOS and Android

Or alternatively, you could uninstall Fiddler Classic, remove the obsolete certificates manually, and install Fiddler Everywhere (which uses BouncyCastle by default)

Hi Nick

Thanks for your quick reply. Unfortunately that menu item is disabled for me too - how can I enable it?

image


Also just opening Fiddler to go to the options menu resets that root certificate again and actually stopped me getting back to this site until I deleted it again.

Also the fiddler add-on link doesn't seem to have the Bouncy Castle add-on although there are some other add-ons related to certs.

Thanks

John

Based on the provided screenshots, it seems that you are using Fiddler Classic, and the default certificate generator for Fiddler Classic will create a certificate for each page. You can remove the by using the Remove Interception Certificates from the options menu (the disabled one in the screenshot below). 



Once you clean up the certificates, you have the option to change the default certificate generator to BouncyCastle, as explained in this article https://www.telerik.com/blogs/understanding-fiddler-certificate-generators. The BouncyCastle certmaker add-on is available from the official add-on list at https://www.telerik.com/fiddler/add-ons . Using BouncyCastle would mean that you will install only a single root trust certificate.


Alternatively, you can entirely migrate to our new Fiddler Everywhere, which is using BouncyCastle by default. 


Login to start a new topic