F-EOL versions of Firefox: How to remove co-opted Diginotar CA?
Daniel B. Thurman
dant at cdkkt.com
Tue Sep 6 15:18:34 UTC 2011
On 09/06/2011 08:08 AM, Pasha R wrote:
> On Tue, Sep 6, 2011 at 5:19 PM, Daniel B. Thurman <dant at cdkkt.com> wrote:
>> For EOL FF versions, how can I remove the co-opted
>> Diginotar CA certificate? Instructions given by Mozilla
>> does not remove this certificate.
>>
>> If the root CA's cannot be manually removed, Is there
>> a FF rpm that has the fix?
> Uneducated guess: try running FF as root and then following
> instructions by mozilla
I already explained that the instructions given by Mozilla
does not work. You can try to 'delete' DigiNotar per Mozilla's
instructions, having done that, and going back to check will
show that it still appears. This root CA is a built-in object...
so it cannot be deleted.
Since there are no updates for end-of-life fedora versions, one
may have to backport the ca-certificates packages, since not
only Firefox is affected but many others such as Seamonkey,
Thunderbird, and many other applications, as Kevin Fenzi wrote.
Now... I need to figure out how to do a backport of ca-certificates
pkg so if anyone has any idea how this can be done, I am all ears...
More information about the users
mailing list