F-EOL versions of Firefox: How to remove co-opted Diginotar CA?
Pasha R
pashar.ml at gmail.com
Tue Sep 6 15:49:15 UTC 2011
On Tue, Sep 6, 2011 at 6:18 PM, Daniel B. Thurman <dant at cdkkt.com> wrote:
> On 09/06/2011 08:08 AM, Pasha R wrote:
>> On Tue, Sep 6, 2011 at 5:19 PM, Daniel B. Thurman <dant at cdkkt.com> wrote:
>>> For EOL FF versions, how can I remove the co-opted
>>> Diginotar CA certificate? Instructions given by Mozilla
>>> does not remove this certificate.
>>>
>>> If the root CA's cannot be manually removed, Is there
>>> a FF rpm that has the fix?
>> Uneducated guess: try running FF as root and then following
>> instructions by mozilla
> I already explained that the instructions given by Mozilla
> does not work. You can try to 'delete' DigiNotar per Mozilla's
> instructions, having done that, and going back to check will
> show that it still appears. This root CA is a built-in object...
> so it cannot be deleted.
>
> Since there are no updates for end-of-life fedora versions, one
> may have to backport the ca-certificates packages, since not
> only Firefox is affected but many others such as Seamonkey,
> Thunderbird, and many other applications, as Kevin Fenzi wrote.
>
> Now... I need to figure out how to do a backport of ca-certificates
> pkg so if anyone has any idea how this can be done, I am all ears...
>
>
Instructions (almost) worked for me - CA is still displayed, but if
you press "Edit trust" button, you will see, that all checkboxes are
unchecked, so it will not be used for anything.
More information about the users
mailing list