F-EOL versions of Firefox: How to remove co-opted Diginotar CA?
Alan Cox
alan at lxorguk.ukuu.org.uk
Tue Sep 6 15:37:41 UTC 2011
On Tue, 06 Sep 2011 07:19:22 -0700
"Daniel B. Thurman" <dant at cdkkt.com> wrote:
> For EOL FF versions, how can I remove the co-opted
> Diginotar CA certificate? Instructions given by Mozilla
> does not remove this certificate.
I think you'll need to build a newer Firefox (and remember for a no
longer supported release the CA certificates are by now I believe not the
only problem you have, and actually probably not the most serious)
So you need a new firefox which will need various other bits updating
which means you can either
- rebuild the needed source rpm packages against your old release
- upgrade either the packageds needed or the box to a supported release
- see if the Centos packages do the job (which for releases close to
their FC origin probably works out)
Remember to make sure the bits firefox assumes are secure (graphics
libraries notably) have also been upgraded with any post FC13 end of
release hole fixes. It very rapidly becomes easier to migrate to a
supported release !
Alan
More information about the users
mailing list