It wouldn't be a Fidelis cert, it would be a cert signed by whatever CA is installed on the SSL terminator. What would happen if you locally revoked trust of the CA in question is you would get warnings that the connection is unsafe as you would with any other TLS error, e.g. hostname mismatch, untrusted cert, etc. Depending on the client behaviour you may be able to continue with the connection.