Unplanned
Last Updated: 24 Jun 2020 12:30 by ADMIN
yuweiming
Created on: 24 Jun 2020 11:48
Type: Bug Report
2
Intermediate Certificates and Trusted Roots Certs of Current User Store exist after "Remove Interception Certificates" option

Removing interception certificates via Fiddler options "Remove Interception Certificates" only removes them from Personal and Trusted Root Certification Authorities of the Local Computer Store.

Certificates located in Current User Store - Trusted Root Certification Authorities  and Intermediate Certificates is not removed.

This certificate is not trusted after using "Remove Interception Certificates" and has status "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store".

sigcheck -t[u]v doesn't show any warnings.

Tested this on both Windows 7 and 10.

Tried refreshing certmgr, restarting it, and rebooting machine with no success - certificates are still there.

This should

 

1 comment
ADMIN
Eric R | Senior Technical Support Engineer
Posted on: 24 Jun 2020 12:30

Hi Yuweiming,

Thanks again for bringing this to our attention and this has been added to the backlog. At this time, there is workaround which I have listed the steps below.

Step 1: Manually delete the certificates from the Current User Store. To do this follow the below steps.

  1. Use Ctrl + R , type mmc and hit enter.
  2. Add the Certificates Add-in to the Console.
  3. Select Current User.
  4. Select the Fiddler Root Certificates in the Trusted Root Certification Authorities and hit delete.
  5. Select the Fiddler Root Certificate in the Intermediate Certificates and hit delete.

Step 2: Use the CertMaker for iOS and Android Add-on for HTTPS decryption.

  • This uses the BouncyCastle certificate generator which only adds the certificates to the Local Machine Store.

I tested the above locally and can confirm that after deleting the Current User certificates and using the BouncyCastle certificate generator the Current User certificates are not created. Let me know if this doesn't happen in your environment.

Please let me know if you need any additional information. As always, we welcome any feedback that you may have. Thank you and I look forward to your reply.

Regards,


Eric R | Senior Technical Support Engineer
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.