clearing fiddler *.domain server authentication certificates

[robertob]

if you visit fiddler | tools | options | https | actions | certificate manager | personal and clear all the fiddler added *.domain server authentication certificates, in order to clean up my personal certificate store list, will it automatically recreate them as needed or at that point are you required to use fiddler | tools | options | https | actions | reset all certificates to get https decryption support back in working order?

[EricLaw]

You can manually delete any server certificates you like and Fiddler will recreate them, but do so when Fiddler isn't running. Alternatively, just tick the "Clear Server Certificates on Exit" option in the certificate generator's configuration screen.

You can also switch to the https://fiddler2.com/r/?fiddlercertmaker which won't add these at all.

[robertob]

thanks for clarification and pointers to related options

wrt. "clear server certificates on exit" option I looked under tools | options | general & https and seem to be overlooking that option, am I looking in wrong place in 4.6.2.2 install?

wrt "certmaker" does that work for targets other than just the advertised android & ios scenarios?

[EricLaw]

Click on the hyperlink listing the generator on the right-side of the HTTPS tab to configure the generator's options.

I talk about certificate generators in http://www.telerik.com/blogs/the-certenroll-certificate-generator and the first link in that post. The CertMaker Addon is advertised mentioning iOS and Android only because the old default generator (makecert) didn't work with those platforms. Both CertEnroll (the new default) and the CertMaker Addon work with all clients, including mobile devices. The CertMaker Addon has the additional benefit that it doesn't add server certs to your Windows Certificate store.

[robertob]

gotcha, that let me access that desirable setting.

when I first enable https decryption [ or later use actions | reset all certificates ] I find it adds two instances of the DO_NOT_TRUST_FiddlerRoot root certificate to the Current User | Trusted Root Certificate Authorities certificate store but only one instance of it to the Local Computer  | Trusted Root Certificate Authorities certificate store.   is that extra instance in current user | trca folder by design and required?

[Eric Lawrence]

> is that extra instance in current user | trca folder by design and required?

I'm pretty sure this is a UX glitch in the MMC itself, whereby it attempts to generate a merged view of the Trusted Root authorities and it doesn't deduplicate authorities that are trusted both machine-wide and within the current user-account. As far as I can tell, there's no harm in this UX glitch.